Cyber Security-Covered Defense Information

Joe Whitcomb
Whitcomb Selinsky, PC
Contact
LinkedIn
Facebook
X
Send
Embed

Whitcomb Selinsky, PC

The Department of Defense recently released new guidance regarding cybersecurity regulations for all defense contractors. A new clause in the Defense Federal Acquisition Regulations Supplement, added on Sept. 17, 2017, DFARS 252.204-7012, describes how Covered Defense Information (CDI) must be protected inside the contractor's system(s) and their use of the cloud. This is a new clause for government procurement personnel and contracting officers, issued by the Office of the Under Secretary of Defense.

A NEW WAY OF DOING BUSINESS

Many U.S. defense contractors, especially small and medium-sized businesses have been struggling with the strict regulations that are designed to protect Covered Defense Information (CDI). This new category of information refers to unclassified information that is considered sensitive. This new clause is now included in all DoD solicitations other than Commercial-Off-the-Shelf (COTS) Procurements.

It stipulates that all defense contractors who handle CDI must be compliant with the wide-ranging set of security controls including all of the requirements prescribed in the NIST Special Publication 800-171; "Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations." Compliance must be met no later than December 31, 2017. (More details and resource links are available at www.eresilience.com/dfars-7012

The new guidance issued by Office of the Secretary of Defense encourages all contracting officers to specify what type of information will be considered to be CDI under the contract. It also recommends contractors perform careful assessments to determine needed infrastructural and organizational changes that will be required for their systems, policies, and procedures that will be necessary to meet the DFARS compliance requirements. These can include identifying where in-house efforts are needed and when assistance from qualified third parties with expertise and certifications in complex NIST cybersecurity implementations may be necessary.

DO YOU NEED LEGAL ADVICE FROM AN EXPERIENCED GOVERNMENT CONTRACT LAW FIRM?

Navigating cyber-security and its application to government contracts can be a challenge. There are various legal regulations and considerations at play, which can make it difficult to understand the proper course of action. But a knowledgeable government attorney can make all of the difference, helping you avoid pitfalls and resolve any issues that might arise.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Whitcomb Selinsky, PC | Attorney Advertising

Written by:

Whitcomb Selinsky, PC
Whitcomb Selinsky, PC
Contact
more
less

Whitcomb Selinsky, PC on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide