Navy Makes Waves By Increasing Cybersecurity Requirements for Select Defense Industrial Base Contractors

Client Alert | 1 min read | 11.01.18

The Navy has recently issued a policy memorandum calling for heightened cybersecurity requirements and oversight for “critical” defense contractors handling covered defense information (CDI). The memo reflects a continued focus within the DoD on evaluating contractors’ compliance with the DFARS 252.204-7012 Clause, as well as a risk-based approach to going beyond it.

The memo expands the Clause requirements in several significant respects, including:

Requiring fully implemented system security plans (SSPs) for government evaluation.
Ensuring historically challenging cybersecurity requirements such as multifactor authentication are immediately met.
Imposing new cybersecurity requirements such as encryption at rest.
Requiring contractors to allow the Naval Criminal Investigative Services (NCIS) to install “network sensors” on contractors’ information systems when NCIS intelligence detects a potential vulnerability.

Selected Navy contractors should receive notice of these new requirements before the end of the year and may begin considering potential cost recovery strategies, such as requests for equitable adjustments.

Contacts

Michael G. Gruden
Partner
- Washington, D.C.
  - D | +1.202.624.2545
bWdydWRlbkBjcm93ZWxsLmNvbQ==
Kate M. Growley
Partner, Crowell Global Advisors Senior Director
- Washington, D.C.
  - D | +1.202.624.2698
- Washington, D.C. (CGA)
  - D | +1 202.624.2500
a2dyb3dsZXlAY3Jvd2VsbC5jb20=

Insights

Client Alert | 3 min read | 02.27.26

EEOC v. Coca-Cola Beverages Northeast, Inc.: Another Step Focused on the EEOC’s Goal of Eradicating Unlawful DEI-Related Practices

On February 17, 2026, the U.S. Equal Employment Opportunity Commission (EEOC) filed a complaint against Coca-Cola Beverages Northeast, Inc., in the United States District Court for the District of New Hampshire, alleging that the company violated Title VII of the Civil Rights Act of 1964 (Title VII) by conducting an event limited to female employees. The EEOC’s lawsuit is one of several recent actions from the EEOC in furtherance of its efforts to end what it refers to as “unlawful DEI-motivated race and sex discrimination.” See EEOC and Justice Department Warn Against Unlawful DEI-Related Discrimination | U.S. Equal Employment Opportunity Commission....

Client Alert | 6 min read | 02.27.26
Major Questions, Major Drama
Client Alert | 4 min read | 02.27.26
New Jersey Expands FLA Protections Effective July 2026: What Employers Need to Know
Client Alert | 3 min read | 02.26.26
FERC Requires Refunds for Late QF Recertification

View All Insights