Skip to content

Brought to you by

Dentons logo

Government Contracts Advisor

Industry insight & analysis

open menu close menu

Government Contracts Advisor

  • Home
  • About us

Department of Defense seeks to clarify contractor cybersecurity obligations

By Phillip Seckman
November 23, 2015
  • Data and Software Rights, Patent Rights and Cybersecurity
  • Government Contracts
Share on Facebook Share on Twitter Share via email Share on LinkedIn

Earlier this year, we reported on the Department of Defense’s (DOD) imposition of new and revised cybersecurity requirements on DOD prime and subcontractors. The new requirements reflected in DOD’s interim rule, among other things, expanded the clause governing unclassified controlled technical information to cover all “covered defense information,” replaced old safeguarding requirements, and expanded contractors’ reporting obligations in the event of a cyber incident. Since DOD released these new and revised requirements, which took effect immediately, contractors have been hustling to understand the requirements and to ensure full compliance.

Just last week, likely in an attempt to address some of the confusion surrounding the new and revised requirements in the interim rule, DOD released (1) updated Defense Federal Acquisition Regulation Supplement (DFARS) Procedures, Guidance and Information (PGI), and (2) Frequently Asked Questions (FAQs) covering network penetration reporting, safeguarding covered defense information, and cloud services. These two documents shed light on the manner in which DOD is implementing the cybersecurity requirements. For example, together the FAQs and the PGI:

• Explain why DOD replaced the security protections from the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 with the NIST SP 800-171;

• Provide DOD’s interpretation of the security controls outlined in NIST SP 800-171;

• Describe how covered defense information and operationally critical support will be identified;

• Provide examples of operationally critical support;

• Clarify that the DOD Cyber Crime Center is the “operational focal point” for receiving reports of cyber threats and cyber incidents; and

• Dictate the roles and responsibilities of the Contracting Officer and/or the requiring activity in, among other things, identifying and marking unclassified controlled technical information, handling a reported cyber incident, and conducting damage assessment activities.

Contractors struggling with how, precisely, to implement DOD’s cybersecurity requirements should look to this issued guidance to see if it addresses the questions they have and use it in formulating their own compliance plans. Additionally, contractors should consider attending DOD’s recently-announced “Industry Implementation Information Day” on December 14, 2015, wherein the department will present a briefing regarding DOD’s new and revised cybersecurity requirements. Information on the industry day, including registration information, can be found here.

Dentons lawyers will continue to monitor key developments in this area and will be providing more information about contractors’ compliance obligations and best practices as part of the Public Contracting Institute’s series on government contracts cybersecurity. More information on the series can be found here.

Share on Facebook Share on Twitter Share via email Share on LinkedIn
Subscribe and stay updated
Receive our latest blog posts by email.
Stay in Touch
Phillip Seckman

About Phillip Seckman

Phillip Seckman represents clients concerning government and commercial contract matters. His practice spans a broad range of subjects related to federal procurement law, state and local procurement law, and complex federal regulatory issues. He concentrates his practice in the areas of commercial item acquisitions, GSA schedule contracting, cybersecurity, compliance, internal investigations, and bid protests (both federal and state). A significant component of his practice involves government contract cost allowability, proper cost accounting, and contract cost and pricing issues.

All posts Full bio

RELATED POSTS

  • Claims and Terminations
  • Commercial Products and Services
  • Government Contracts

DC Office to Host ABA Committee Panel on Recent Trends in Subcontractor Claims and Disputes

By Dentons Government Contracts Group
  • Events & Happenings
  • Government Contracts

MLA Team Attends Camp Pendleton Day

By Dentons Government Contracts Group
  • Commercial Products and Services
  • Government Contracts

Government and Commercial Contract Compliance Briefing

By Dentons Government Contracts Group

About Dentons

Dentons is designed to be different. As the world’s largest law firm with 20,000 professionals in over 200 locations in more than 80 countries, we can help you grow, protect, operate and finance your business. Our polycentric and purpose-driven approach, together with our commitment to inclusion, diversity, equity and ESG, ensures we challenge the status quo to stay focused on what matters most to you. www.dentons.com

Dentons boilerplate image

Twitter

Categories

Subscribe and stay updated

Receive our latest blog posts by email.

Stay in Touch

Dentons logo

© 2022 Dentons

  • Legal notices
  • Privacy policy
  • Terms of use
  • Cookies on this site