DoD Meets Contractors Half-Way at Industry Information Day

Client Alert | 1 min read | 06.28.17

On June 23, the Department of Defense hosted its highly anticipated Industry Information Day to respond to feedback received from the contracting community regarding last year’s finalization of DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting. Top of mind for many in attendance was the looming end-of-year deadline to implement NIST SP 800-171, including its requirements regarding multifactor authentication. By the end of the session, however, DoD representatives repeatedly stated that contractors may use system security plans (SSPs) and plans of action and milestones (POAMs) to document their anticipated implementation of the required controls and thus comply with the Clause – even if the actual implementation of those controls extends beyond 2017. A revised set of FAQs is expected next month, which should provide additional details regarding this new guidance.

Contacts

Evan D. Wolff
Partner
He/Him/His
- Washington, D.C.
  - D | +1.202.624.2615
ZXdvbGZmQGNyb3dlbGwuY29t
Maida Oringher Lerner
Senior Counsel
She/Her/Hers
- Washington, D.C.
  - D | +1.202.624.2596
bWxlcm5lckBjcm93ZWxsLmNvbQ==

Insights

Client Alert | 8 min read | 01.17.25

Cyber For All: Proposed Rule Introduces Government-Wide CUI Cybersecurity Requirements

On January 15, 2025, the FAR Council released a proposed rule (FAR CUI Rule) that would amend the FAR to implement federal government-wide Controlled Unclassified Information (CUI) cybersecurity, training, and incident reporting requirements for government contractors and subcontractors. The rule’s key cybersecurity requirements closely mirror the Department of Defense’s Cyber Maturity Model Certification (CMMC) program (for example, compliance with National Institute of Standards and Technology Special Publication 800-171, Revision 2), but broaden the scope to include contractors and subcontractors working across all federal agencies. The Rule is intended to standardize the handling of CUI by federal government contractors and subcontractors in accordance with Executive Order 13556, including by:...

Client Alert | 2 min read | 01.17.25
End of the Road: FHWA Rescinds Longstanding Buy America Waiver for Manufactured Products
Client Alert | 3 min read | 01.17.25
Federal Circuit Affirms COFC Decision Limiting Infringement Damages to Copies of Software Actually Used Rather Than Made
Client Alert | 3 min read | 01.17.25
Final DOD Rule Codifies 20-Year SBIR Data Protection Period and Other SBIR Program Protections While Punting Potential Changes To Marking Requirements

View All Insights