Skip to content

Brought to you by

Dentons logo

Government Contracts Advisor

Industry insight & analysis

open menu close menu

Government Contracts Advisor

  • Home
  • About us

Department of Defense seeks to clarify contractor cybersecurity obligations

By Phillip Seckman
November 23, 2015
  • Data and Software Rights, Patent Rights and Cybersecurity
  • Government Contracts
Share on Facebook Share on Twitter Share via email Share on LinkedIn

Earlier this year, we reported on the Department of Defense’s (DOD) imposition of new and revised cybersecurity requirements on DOD prime and subcontractors. The new requirements reflected in DOD’s interim rule, among other things, expanded the clause governing unclassified controlled technical information to cover all “covered defense information,” replaced old safeguarding requirements, and expanded contractors’ reporting obligations in the event of a cyber incident. Since DOD released these new and revised requirements, which took effect immediately, contractors have been hustling to understand the requirements and to ensure full compliance.

Just last week, likely in an attempt to address some of the confusion surrounding the new and revised requirements in the interim rule, DOD released (1) updated Defense Federal Acquisition Regulation Supplement (DFARS) Procedures, Guidance and Information (PGI), and (2) Frequently Asked Questions (FAQs) covering network penetration reporting, safeguarding covered defense information, and cloud services. These two documents shed light on the manner in which DOD is implementing the cybersecurity requirements. For example, together the FAQs and the PGI:

• Explain why DOD replaced the security protections from the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 with the NIST SP 800-171;

• Provide DOD’s interpretation of the security controls outlined in NIST SP 800-171;

• Describe how covered defense information and operationally critical support will be identified;

• Provide examples of operationally critical support;

• Clarify that the DOD Cyber Crime Center is the “operational focal point” for receiving reports of cyber threats and cyber incidents; and

• Dictate the roles and responsibilities of the Contracting Officer and/or the requiring activity in, among other things, identifying and marking unclassified controlled technical information, handling a reported cyber incident, and conducting damage assessment activities.

Contractors struggling with how, precisely, to implement DOD’s cybersecurity requirements should look to this issued guidance to see if it addresses the questions they have and use it in formulating their own compliance plans. Additionally, contractors should consider attending DOD’s recently-announced “Industry Implementation Information Day” on December 14, 2015, wherein the department will present a briefing regarding DOD’s new and revised cybersecurity requirements. Information on the industry day, including registration information, can be found here.

Dentons lawyers will continue to monitor key developments in this area and will be providing more information about contractors’ compliance obligations and best practices as part of the Public Contracting Institute’s series on government contracts cybersecurity. More information on the series can be found here.

Share on Facebook Share on Twitter Share via email Share on LinkedIn
Subscribe and stay updated
Receive our latest blog posts by email.
Stay in Touch
Phillip Seckman

About Phillip Seckman

Phillip Seckman represents clients concerning government and commercial contract matters. His practice spans a broad range of subjects related to federal procurement law, state and local procurement law, and complex federal regulatory issues. He concentrates his practice in the areas of commercial item acquisitions, GSA schedule contracting, cybersecurity, compliance, internal investigations, and bid protests (both federal and state). A significant component of his practice involves government contract cost allowability, proper cost accounting, and contract cost and pricing issues.

All posts Full bio

RELATED POSTS

  • Government Contracts

For commercial item contractors, some improvements—mixed with new and old barriers—in DoD’s final rule on procurement of commercial items and accompanying guidebook

By Phillip Seckman and Steven Masiello
  • Events & Happenings
  • Government Contracts

National Defense Industrial Association Dinner

By Dentons Government Contracts Group
  • Data and Software Rights, Patent Rights and Cybersecurity
  • Government Contracts
  • GSA Schedule Contracting

Cybersecurity and your supply chain: What you don’t know may hurt you

By Phillip Seckman

About Dentons

Redefining possibilities. Together, everywhere. For more information visit dentons.com

Grow, Protect, Operate, Finance. Dentons, the law firm of the future is here. Copyright 2023 Dentons. Dentons is a global legal practice providing client services worldwide through its member firms and affiliates. Please see dentons.com for Legal notices.

Categories

Subscribe and stay updated

Receive our latest blog posts by email.

Stay in Touch

Dentons logo

© 2025 Dentons

  • Legal notices
  • Privacy policy
  • Terms of use
  • Cookies on this site