Forget The Showers. April Brings Flurry of New Cyber Guidance.
Client Alert | 1 min read | 05.01.18
April has marked a busy month for those following the DoD’s approach to contractor cybersecurity. Earlier in the month, the DoD published a much-anticipated revision to their Frequently Asked Questions regarding DFARS 252.204-7012 and other cybersecurity requirements, reflecting feedback on various questions posed by industry over the past year and including new information regarding:
- COTS and commercial items
- Scope of covered defense information
- Conflicts with foreign laws
- Subcontractor flowdowns
- System security plans (SSPs) and plans of action & milestones (POAMs)
- Requirements for FIPS-validation, multifactor authentication, and marking
- Cybersecurity requirements beyond NIST SP 800-171
- Cloud service providers
- Examples of cyber incidents
- Guidance for small businesses
- DCMA oversight
Then just weeks later, the DoD issued proposed guidance for evaluating contractor cybersecurity, including implementation of NIST SP 800-171. Importantly, contractors may comment on the draft guidance through May 31 – and would be well-served to familiarize themselves with the new FAQs before doing so.
Contacts

Partner and Crowell Global Advisors Senior Director
- Washington, D.C.
- D | +1.202.624.2698
- Washington, D.C. (CGA)
- D | +1 202.624.2500
Insights
Client Alert | 3 min read | 07.10.26
In Utech, Inc. v. United States, No. 24-1586 (Fed. Cir. June 24, 2026), the U.S. Court of Appeals for the Federal Circuit clarified that in most cases, a pre-award protest must be filed before the proposal submission deadline to avoid the Blue & Gold waiver rule. This decision, while nonprecedential, is in line with U.S. Government Accountability Office (GAO) precedent, which has long held that pre-award protests must be filed before the proposal submission deadline.
Client Alert | 5 min read | 07.10.26
Client Alert | 6 min read | 07.09.26
EU Steel Overcapacity Regulation: New Permanent Measure in Force from 1 July 2026
Client Alert | 5 min read | 07.09.26
Made in the USA? Prove It: FTC Marks America's 250th with Crack Down on Domestic Origin Claims
