1. Home
  2. |Insights
  3. |Forget The Showers. April Brings Flurry of New Cyber Guidance.

Forget The Showers. April Brings Flurry of New Cyber Guidance.

Client Alert | 1 min read | 05.01.18

April has marked a busy month for those following the DoD’s approach to contractor cybersecurity. Earlier in the month, the DoD published a much-anticipated revision to their Frequently Asked Questions regarding DFARS 252.204-7012 and other cybersecurity requirements, reflecting feedback on various questions posed by industry over the past year and including new information regarding:

  • COTS and commercial items
  • Scope of covered defense information
  • Conflicts with foreign laws
  • Subcontractor flowdowns
  • System security plans (SSPs) and plans of action & milestones (POAMs)
  • Requirements for FIPS-validation, multifactor authentication, and marking
  • Cybersecurity requirements beyond NIST SP 800-171
  • Cloud service providers
  • Examples of cyber incidents
  • Guidance for small businesses
  • DCMA oversight

Then just weeks later, the DoD issued proposed guidance for evaluating contractor cybersecurity, including implementation of NIST SP 800-171. Importantly, contractors may comment on the draft guidance through May 31 – and would be well-served to familiarize themselves with the new FAQs before doing so.


Contacts

Insights

Client Alert | 4 min read | 10.21.25

Pivot Point for 340B: HRSA Rebate Model Pilot Program Approaches Launch

The deadline for Department of Health and Human Services (“HHS”) to notify approved manufacturers of acceptance into the 340B Rebate Model Pilot Program has passed, and stakeholders across the healthcare industry should start planning for compliance and operational changes. The Model Pilot Program may also face legal challenges that could delay or disrupt implementation....