DoD's Own Cyber Monday Deal: Releasing DFARS Cyber Enhancement Guidance
Client Alert | 1 min read | 11.27.18
Just in time for the holidays, the Defense Department published final guidance to the DoD acquisition community that details strategies to enhance existing cybersecurity requirements for Covered Defense Information (CDI) provided by the DFARS Safeguarding Clause 252.204-7012. The DoD’s guidance contains two documents that clarify how DoD will communicate their cybersecurity expectations to contractors, including where those expectations exceed what the DFARS Safeguarding Clause requires:
- Guidance for Reviewing System Security Plans (SSPs) outlines how the DoD expects to evaluate contractor SSPs, including the preferred method of meeting each NIST security control and the anticipated consequences of not yet having implemented those controls.
- Guidance for Assessing Compliance and Enhancing Protections provides objectives that requiring activities can tailor to assess contractors’ safeguarding of CDI, including how to incorporate compliance with NIST SP 800-171 and supply chain management as evaluation criteria in solicitations.
Contacts

Partner and Crowell Global Advisors Senior Director
- Washington, D.C.
- D | +1.202.624.2698
- Washington, D.C. (CGA)
- D | +1 202.624.2500
Insights
Client Alert | 2 min read | 07.15.26
CMMC Phase II Suspension Requires Reconsideration of Such Requirements in Solicitations
As discussed in more detail here, the U.S. Department of War (DoW) recently issued a memorandum (Memo 26-P-1023, dated July 13, 2026) directing the immediate suspension of Cybersecurity Maturity Model Certification (CMMC) Phase II requirements (Level I and II self assessments are still permitted). Significantly, the memo directs that “all pending and future CMMC implementation milestones across DoW solicitations and contracts are held in abeyance until further notice.” Moreover, the DoW issued a memorandum on implementing these requirements (available here), directing agencies to issue amendments removing CMMC Level 2 and 3 requirements from active solicitations “as soon as practicable.” Contractors should monitor the government’s compliance with this requirement and should be prepared, if needed, to file a bid protest to protect their rights.
Client Alert | 3 min read | 07.15.26
Client Alert | 3 min read | 07.14.26
Client Alert | 3 min read | 07.13.26
Amici Rally Behind Liberty Global, Urging Tenth Circuit to Rein in Economic Substance Doctrine
