DCMA’s Cybersecurity Oversight Takes Shape: Revised CPSR Guidebook Outlines DFARS Safeguarding Clause Audit Standards

Client Alert | 1 min read | 03.06.19

Following guidance issued by Under Secretary of Defense Lord, the Defense Contract Management Agency (DCMA) has revised its Contractor Purchasing System Review (CPSR) Guidebook to incorporate new standards DCMA auditors will use to assess contractor supply chain management under the DFARS Safeguarding Clause 252.204-7012. Notably, the new standards require contractors to “validate” that their subcontractors have information systems “that can receive and protect” Covered Defense Information (CDI) and to “determine” whether subcontractor systems are “acceptable.” Other new standards require contractors to demonstrate:

How CDI is properly marked and securely transferred to subcontractors; and
How subcontractor notifications regarding requests to vary from the NIST requirements and the submission of cyber incident reports are managed and documented.

The revisions also emphasize that 252.204-7012 is not an indiscriminate flowdown and applies only where the subcontractor will be utilized for operationally critical support or performing duties that involve CDI.

Contacts

Christopher D. Garcia
Counsel
- Washington, D.C.
  - D | +1.202.688.3450
Y2dhcmNpYUBjcm93ZWxsLmNvbQ==
Michael G. Gruden
Partner
- Washington, D.C.
  - D | +1.202.624.2545
bWdydWRlbkBjcm93ZWxsLmNvbQ==
Kate M. Growley
Partner and Crowell Global Advisors Senior Director
- Washington, D.C.
  - D | +1.202.624.2698
- Washington, D.C. (CGA)
  - D | +1 202.624.2500
a2dyb3dsZXlAY3Jvd2VsbC5jb20=

Insights

Client Alert | 3 min read | 03.24.26

California Considering A Massive Expansion of Its Antitrust Laws

Legislative efforts to significantly expand California’s antitrust laws are working their way through the state legislature. The most comprehensive overhaul is Assembly Bill 1776 — the Competition and Opportunity in Markets for a Prosperous, Equitable and Transparent Economy (COMPETE) Act, introduced by Assembly Majority Leader Cecilia Aguiar-Curry, on March 23, 2026. AB 1776 is modeled closely after draft legislation recommended by the California Law Revision Commission (CLRC) in December. AB 1776 would not only significantly expand potential liability for single-firm conduct and monopolization but would also explicitly decouple California antitrust analysis from certain federal standards. Companies doing business in California should pay close attention to AB 1776 because of its potentially dramatic impact, including increased exposure to antitrust litigation and increased compliance costs....

Client Alert | 2 min read | 03.23.26
ACTS Survey Compliance Deadline Temporarily Extended: What Higher Education Institutions Need to Know
Client Alert | 1 min read | 03.23.26
The Top FCA Developments of 2025
Client Alert | 7 min read | 03.23.26
UK Court Rules Duty to Safeguard Personal Data Extends to Hacked Pseudonymised Data in DSG Retail Ltd v The Information Commissioner

View All Insights