Navy Makes Waves By Increasing Cybersecurity Requirements for Select Defense Industrial Base Contractors

Client Alert | 1 min read | 11.01.18

The Navy has recently issued a policy memorandum calling for heightened cybersecurity requirements and oversight for “critical” defense contractors handling covered defense information (CDI). The memo reflects a continued focus within the DoD on evaluating contractors’ compliance with the DFARS 252.204-7012 Clause, as well as a risk-based approach to going beyond it.

The memo expands the Clause requirements in several significant respects, including:

Requiring fully implemented system security plans (SSPs) for government evaluation.
Ensuring historically challenging cybersecurity requirements such as multifactor authentication are immediately met.
Imposing new cybersecurity requirements such as encryption at rest.
Requiring contractors to allow the Naval Criminal Investigative Services (NCIS) to install “network sensors” on contractors’ information systems when NCIS intelligence detects a potential vulnerability.

Selected Navy contractors should receive notice of these new requirements before the end of the year and may begin considering potential cost recovery strategies, such as requests for equitable adjustments.

Contacts

Michael G. Gruden
Partner
- Washington, D.C.
  - D | +1.202.624.2545
bWdydWRlbkBjcm93ZWxsLmNvbQ==
Kate M. Growley
Partner and Crowell Global Advisors Senior Director
- Washington, D.C.
  - D | +1.202.624.2698
- Washington, D.C. (CGA)
  - D | +1 202.624.2500
a2dyb3dsZXlAY3Jvd2VsbC5jb20=

Insights

Client Alert | 6 min read | 04.29.26

CMS Seeks to Expand Interoperability Requirements to Drug Pre-Authorization (FAQ)

On April 10, 2026, the Centers for Medicare and Medicaid Services (CMS) issued a proposed rule (2026 CMS Interoperability Standards and Prior Authorization for Drugs, or CMS-0062-P) outlining the agency’s plans to impose new interoperability requirements on payors participating in certain Medicare and Medicaid programs. As described by the agency in a recent press release, the proposed rule “builds on” prior rulemaking by clarifying and enhancing interoperability requirements for payors’ prior authorization processes, specifically those associated with coverage requests for pharmaceutical therapies....

Client Alert | 8 min read | 04.27.26
Deadlock Broken: EU Adopts 20th Russia Sanctions Package
Client Alert | 5 min read | 04.27.26
Drift Protocol Exploit: Why “Social Trust” Is the Newest Cybersecurity Gap
Client Alert | 4 min read | 04.27.26
Gaming Addiction Litigation: Turner v. Epic Games & Roblox and What It Means for the Industry

View All Insights