“Miss Me with Rev. 3,” Says DoD: DoD Issues Class Deviation Linking DFARS 7012 to NIST SP 800-171, Rev. 2

Client Alert | 1 min read | 05.03.24

On May 2, 2024, the Department of Defense (DoD) issued a class deviation to DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting (DFARS 7012), specifying that contractors subject to the clause must comply with NIST SP 800-171, Revision 2. The deviation (labeled Deviation 2024-O0013) will delay the incorporation of NIST SP 800-171, Revision 3—which is set to be finalized in the next few weeks—into DFARS 7012.

The standard version of DFARS 7012 does not identify a specific NIST SP 800-171 Revision number, and has been interpreted by DoD as requiring compliance with NIST SP 800-171’s most current Revision. But with Revision 3’s final release looming, DoD has directed contracting officers to use Deviation 2024-O0013 in place of the standard clause moving forward, linking DFARS 7012 to Revision 2 for the time being.

In a press release announcing the deviation, DoD stated that the “intent of this class deviation is to provide industry time for a more deliberate transition upon the forthcoming release of [NIST SP 800-171, Revision 3].”

It is unclear when DoD plans to adopt Revision 3. However, contractors should take advantage of DoD’s reprieve to get familiar with Revision 3, as the DoD has previously indicated that it intends to incorporate NIST SP 800-171’s newest revision into both DFARS 7012 and its forthcoming Cyber Maturity Model Certification (CMMC) program.

Contacts

Michael G. Gruden
Partner
- Washington, D.C.
  - D | +1.202.624.2545
bWdydWRlbkBjcm93ZWxsLmNvbQ==
Nkechi Kanu
Partner
- Washington, D.C.
  - D | +1 202.624.2872
bmthbnVAY3Jvd2VsbC5jb20=
Jacob Harrison
Associate
He/Him/His
- Washington, D.C.
  - D | +1.202.624.2533
amhhcnJpc29uQGNyb3dlbGwuY29t

Insights

Client Alert | 3 min read | 09.15.25

Senate Finance Committee Looking to Take White River to the Train Station, Confirms DOJ Investigation into Tribal Tax Credits

On August 19, 2025, the U.S. Senate Committee on Finance (“Senate Finance Committee”) sent Paul Atkins, Chairman, U.S. Securities and Exchange Commission (“SEC”) a letter calling on the SEC to investigate White River Energy Corp (“White River”). In the letter, the Senate Finance Committee confirmed a criminal investigation into White River related to the sale of so-called “tribal tax credits” that according to both Congress and the IRS, do not exist. The letter further states that White River allegedly earned millions of dollars selling these credits and has not been forthcoming with investors regarding the existence of the criminal investigation. According to the Senate Finance Committee, White River has failed to file financial disclosure documents with the SEC since March 15, 2024, missing six consecutive reporting periods. The letter instructs White River to disclose the existence of the DOJ criminal tax investigation, and calls on the SEC to take action if White River fails to do so....

Client Alert | 4 min read | 09.12.25
SBA’s OHA Further Defines Extraordinary Action in SDVOSB Appeal
Client Alert | 6 min read | 09.11.25
U.S. Department of Commerce Partially Relaxes Export Controls on Syria
Client Alert | 9 min read | 09.11.25
One Year After Illumina/Grail – How Are EU Competition Authorities Now Dealing With Below-Threshold Mergers

View All Insights