The Department of Defense recently released new guidance regarding cybersecurity regulations for all defense contractors. A new clause in the Defense Federal Acquisition Regulations Supplement, added on Sept. 17, 2017, DFARS 252.204-7012, describes how Covered Defense Information (CDI) must be protected inside the contractor's system(s) and their use of the cloud. This is a new clause for government procurement personnel and contracting officers, issued by the Office of the Under Secretary of Defense.
A New Way of Doing Business
Many U.S. defense contractors, especially small and medium-sized businesses have been struggling with the strict regulations that are designed to protect Covered Defense Information (CDI). This new category of information refers to unclassified information that is considered sensitive. This new clause is now included in all DoD solicitations other than Commercial-Off-the-Shelf (COTS) Procurements.
It stipulates that all defense contractors who handle CDI must be compliant with the wide-ranging set of security controls including all of the requirements prescribed in the NIST Special Publication 800-171; "Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations." Compliance must be met no later than December 31, 2017. (More details and resource links are available at www.eresilience.com/dfars-7012
The new guidance issued by Office of the Secretary of Defense encourages all contracting officers to specify what type of information will be considered to be CDI under the contract. It also recommends contractors perform careful assessments to determine needed infrastructural and organizational changes that will be required for their systems, policies, and procedures that will be necessary to meet the DFARS compliance requirements. These can include identifying where in-house efforts are needed and when assistance from qualified third parties with expertise and certifications in complex NIST cybersecurity implementations may be necessary.
Do You Need Legal Advice from an Experienced
Government Contract Law Firm?
Navigating cyber-security and its application to government contracts can be a challenge. There are various legal regulations and considerations at play, which can make it difficult to understand the proper course of action. But a knowledgeable government attorney can make all of the difference, helping you avoid pitfalls and resolve any issues that might arise.
If you are in need of assistance with government contracts or other related matters, please do not hesitate to contact Whitcomb, Selinsky, PC immediately. Located in Denver, Colorado, you can reach the attorneys at Whitcomb, Selinsky, PC by phone at (303) 534-1958 or online by completing a simple form.
Joe Whitcomb
