Upping the Cyber Oversight Ante: DoD Deploys DCMA to Audit Contractor Supply Chain Compliance

Client Alert | 1 min read | 01.28.19

The Defense Department has unveiled plans to audit contractors’ supply chain compliance with the DFARS Safeguarding Clause 252.204-7012. Under the auspices of 252.244-7001, Contractor Purchasing System Administration, Under Secretary of Defense Ellen Lord has directed the Defense Contract Management Agency (DCMA) to review contractors’ purchasing systems with the intent of verifying compliance with the Safeguarding Clause’s flowdown requirements. Notably though, the scope of DCMA’s review appears broader than the Clause’s textual requirements. Specifically, DCMA will review contractor procedures to:

Ensure that Tier 1 Level Suppliers are receiving properly marked Covered Defense Information (CDI), or instructions on how to do so; and
“Assess compliance” of Tier 1 Level Suppliers with both the Clause and NIST SP 800-171.

The memorandum is the latest signal from the DoD that it views the Safeguarding Clause’s flowdown requirements as more than a check-the-box exercise and an increasingly important piece of its overall cybersecurity.

Contacts

Michael G. Gruden
Partner
- Washington, D.C.
  - D | +1.202.624.2545
bWdydWRlbkBjcm93ZWxsLmNvbQ==
Kate M. Growley
Partner and Crowell Global Advisors Senior Director
- Washington, D.C.
  - D | +1.202.624.2698
- Washington, D.C. (CGA)
  - D | +1 202.624.2500
a2dyb3dsZXlAY3Jvd2VsbC5jb20=

Insights

Client Alert | 2 min read | 04.15.26

Who Invented That? When AI Writes the Code, Patent Validity Issues May Follow

In Fortress Iron, LP v. Digger Specialties, Inc., No. 24-2313 (Fed. Cir. Apr. 2, 2026), the U.S. Court of Appeals for the Federal Circuit reaffirmed what happens when a patent incorrectly lists the true inventors, and that error cannot be corrected under 35 U.S.C. § 256(b), which requires notice and a hearing for all “parties concerned.” In Fortress, the patent owner sought judicial correction to add an inventor under § 256(b), but that inventor could not be located. Because the missing inventor qualified as a “concerned” party under the statute, the lack of notice and a hearing for that inventor made correction under § 256(b) impossible, and the patents could not be saved from invalidity....

Client Alert | 3 min read | 04.14.26
DOJ’s False Claims Act Resolution Against IBM Signals Heightened Risk for Federal Contractors with DEI Programs
Client Alert | 4 min read | 04.14.26
FedRAMP Solicits Public Comment on Overhaul to Incident Communications Procedures
Client Alert | 5 min read | 04.14.26
OFSI Imposes £390,000 Penalty on Apple Subsidiary for Russian Sanctions Breaches: Key Compliance Takeaways

View All Insights