Navy Makes Waves By Increasing Cybersecurity Requirements for Select Defense Industrial Base Contractors
Client Alert | 1 min read | 11.01.18
The Navy has recently issued a policy memorandum calling for heightened cybersecurity requirements and oversight for “critical” defense contractors handling covered defense information (CDI). The memo reflects a continued focus within the DoD on evaluating contractors’ compliance with the DFARS 252.204-7012 Clause, as well as a risk-based approach to going beyond it.
The memo expands the Clause requirements in several significant respects, including:
- Requiring fully implemented system security plans (SSPs) for government evaluation.
- Ensuring historically challenging cybersecurity requirements such as multifactor authentication are immediately met.
- Imposing new cybersecurity requirements such as encryption at rest.
- Requiring contractors to allow the Naval Criminal Investigative Services (NCIS) to install “network sensors” on contractors’ information systems when NCIS intelligence detects a potential vulnerability.
Selected Navy contractors should receive notice of these new requirements before the end of the year and may begin considering potential cost recovery strategies, such as requests for equitable adjustments.
Contacts
Partner and Crowell Global Advisors Senior Director
- Washington, D.C.
- D | +1.202.624.2698
- Washington, D.C. (CGA)
- D | +1 202.624.2500
Insights
Client Alert | 1 min read | 03.20.26
HSR Form Rollback: What Dealmakers Need to Know Now
On March 19, 2026, a U.S. District Court for the Fifth Circuit panel denied the Federal Trade Commission’s (FTC) emergency motion for a stay pending appeal of a district court’s order that vacated the FTC’s 2024 overhaul of the HSR premerger notification form.
Client Alert | 6 min read | 03.20.26
Client Alert | 10 min read | 03.19.26
Client Alert | 7 min read | 03.19.26
