1. Home
  2. |Insights
  3. |Navy Makes Waves By Increasing Cybersecurity Requirements for Select Defense Industrial Base Contractors

Navy Makes Waves By Increasing Cybersecurity Requirements for Select Defense Industrial Base Contractors

Client Alert | 1 min read | 11.01.18

The Navy has recently issued a policy memorandum calling for heightened cybersecurity requirements and oversight for “critical” defense contractors handling covered defense information (CDI). The memo reflects a continued focus within the DoD on evaluating contractors’ compliance with the DFARS 252.204-7012 Clause, as well as a risk-based approach to going beyond it. 

The memo expands the Clause requirements in several significant respects, including:

  • Requiring fully implemented system security plans (SSPs) for government evaluation. 
  • Ensuring historically challenging cybersecurity requirements such as multifactor authentication are immediately met.
  • Imposing new cybersecurity requirements such as encryption at rest. 
  • Requiring contractors to allow the Naval Criminal Investigative Services (NCIS) to install “network sensors” on contractors’ information systems when NCIS intelligence detects a potential vulnerability.

Selected Navy contractors should receive notice of these new requirements before the end of the year and may begin considering potential cost recovery strategies, such as requests for equitable adjustments.

Contacts

Insights

Client Alert | 1 min read | 07.08.26

CAS Board Publishes Final Rule Rescinding CAS 404, 408, 409, and 4117

As part of its ongoing effort to conform the Cost Accounting Standards (“CAS”) to generally accepted accounting principles (“GAAP”), the CAS Board published a final rule rescinding CAS 408 (Accounting for costs of compensated personal absence) and CAS 411 (Accounting for acquisition costs of material).  The CAS Board also rescinded CAS 404 (Capitalization of tangible assets) and CAS 409 (Depreciation of tangible capital assets) but retained certain requirements of CAS 404 and 409, which will be located in new paragraphs of CAS 405 (Accounting for unallowable costs).  Specifically, the CAS Board retained the requirements currently located at CAS 404-50(d)(1), CAS 409-50(e)(5), CAS 409-50(j)(1), and CAS 409-50(j)(4), which the CAS Board explained are necessary to protect the Government’s interests.  Otherwise, the CAS Board determined that the requirements of CAS 404, 408, 409, and 411 overlapped with GAAP such that GAAP “may be applied reasonably as a substitute for CAS to support contract cost and pricing.”...