DCMA’s Cybersecurity Oversight Takes Shape: Revised CPSR Guidebook Outlines DFARS Safeguarding Clause Audit Standards

Client Alert | 1 min read | 03.06.19

Following guidance issued by Under Secretary of Defense Lord, the Defense Contract Management Agency (DCMA) has revised its Contractor Purchasing System Review (CPSR) Guidebook to incorporate new standards DCMA auditors will use to assess contractor supply chain management under the DFARS Safeguarding Clause 252.204-7012. Notably, the new standards require contractors to “validate” that their subcontractors have information systems “that can receive and protect” Covered Defense Information (CDI) and to “determine” whether subcontractor systems are “acceptable.” Other new standards require contractors to demonstrate:

How CDI is properly marked and securely transferred to subcontractors; and
How subcontractor notifications regarding requests to vary from the NIST requirements and the submission of cyber incident reports are managed and documented.

The revisions also emphasize that 252.204-7012 is not an indiscriminate flowdown and applies only where the subcontractor will be utilized for operationally critical support or performing duties that involve CDI.

Contacts

Evan D. Wolff
Partner
He/Him/His
- Washington, D.C.
  - D | +1.202.624.2615
ZXdvbGZmQGNyb3dlbGwuY29t
Maida Oringher Lerner
Senior Counsel
She/Her/Hers
- Washington, D.C.
  - D | +1.202.624.2596
bWxlcm5lckBjcm93ZWxsLmNvbQ==
Christopher D. Garcia
Counsel
- Washington, D.C.
  - D | +1.202.688.3450
Y2dhcmNpYUBjcm93ZWxsLmNvbQ==
Nicole Owren-Wiest
Partner
She/Her/Hers
- Washington, D.C.
  - D | +1.202.624.2863
bm93cmVud2llc3RAY3Jvd2VsbC5jb20=
Michael G. Gruden
Partner
- Washington, D.C.
  - D | +1.202.624.2545
bWdydWRlbkBjcm93ZWxsLmNvbQ==

Insights

Client Alert | 2 min read | 06.12.25

IPR May Be Discretionarily Denied Because of “Settled Expectations” Where Petitioner Has Long Known of Challenged Patent

Acting USPTO Director Coke Morgan Stewart issued a Director Discretionary decision on June 6, 2025, in iRhythm Technologies Inc. v. Welch Allyn Inc., IPR2025-00363, -00374, -00376, -00377, and -00378 Paper 10 (PTAB June 6, 2025). This decision granted Patent Owner’s request for discretionary denials of institution in five related IPR challenges. It follows several recent Director decisions that have all discretionarily denied petitions for reasons other than the substantive merits of the challenges. However, this decision is the first one that relies upon “[s]ettled expectations of the parties, such as the length of time the claims have been in force,” a new consideration that was first articulated in the USPTO’s “Interim Process for PTAB Workload Management” memorandum (“Interim Memo”) dated March 26, 2025....

Client Alert | 1 min read | 06.12.25
P-R-C You Later! GSA Previews Final Transition to Transactional Data Reporting for Schedule Contract Pricing
Client Alert | 5 min read | 06.11.25
Steel Tariffs Doubled: How the Hike Could Reshape Construction Projects at Home and Abroad
Client Alert | 5 min read | 06.11.25
The FCPA Pause Is Over: Trump DOJ Issues Long-Awaited FCPA Investigations and Enforcement Guidelines

View All Insights