1. Home
  2. |Insights
  3. |Forget The Showers. April Brings Flurry of New Cyber Guidance.

Forget The Showers. April Brings Flurry of New Cyber Guidance.

Client Alert | 1 min read | 05.01.18

April has marked a busy month for those following the DoD’s approach to contractor cybersecurity. Earlier in the month, the DoD published a much-anticipated revision to their Frequently Asked Questions regarding DFARS 252.204-7012 and other cybersecurity requirements, reflecting feedback on various questions posed by industry over the past year and including new information regarding:

  • COTS and commercial items
  • Scope of covered defense information
  • Conflicts with foreign laws
  • Subcontractor flowdowns
  • System security plans (SSPs) and plans of action & milestones (POAMs)
  • Requirements for FIPS-validation, multifactor authentication, and marking
  • Cybersecurity requirements beyond NIST SP 800-171
  • Cloud service providers
  • Examples of cyber incidents
  • Guidance for small businesses
  • DCMA oversight

Then just weeks later, the DoD issued proposed guidance for evaluating contractor cybersecurity, including implementation of NIST SP 800-171. Importantly, contractors may comment on the draft guidance through May 31 – and would be well-served to familiarize themselves with the new FAQs before doing so.


Contacts

Insights

Client Alert | 8 min read | 10.01.25

BIS Issues “Affiliates Rule” to Dramatically Expand Applicability of Entity and Military End-User Lists

On September 29, 2025, the U.S. Department of Commerce Bureau of Industry and Security (BIS) announced a sweeping Interim Final Rule (IFR), (the “Affiliates Rule”) expanding which entities qualify as Entity List or Military End-User entities, thereby subjecting those entities to elevated export control restrictions under the Export Administration Regulations (EAR). U.S. export restrictions applicable to entities on the Entity List, Military End-User (MEU) List, and Specially Designated Nationals and Blocked Persons (SDN List) now apply to foreign affiliates that are, in the aggregate, owned 50% or more by one or more of the aforementioned entities. An entity that becomes subject to these restrictions because of its ownership structure will be subject to the most restrictive controls that attach to any of its parent entities, regardless of ownership stakes....