Skip to content

Brought to you by

Dentons logo

Government Contracts Advisor

Industry insight & analysis

open menu close menu

Government Contracts Advisor

  • Home
  • About us

DoD Clarifies Covered Defense Information Definition in Final Cyber Reporting Rule

By Phillip Seckman
October 7, 2016
  • Data and Software Rights, Patent Rights and Cybersecurity
Share on Facebook Share on Twitter Share via email Share on LinkedIn

The Department of Defense (DoD) on October 4, 2016, issued a rule finalizing cyber reporting regulations applicable to DoD contractors and subcontractors set forth in 32 CFR Part 236.  The rule finalizes an interim rule DoD issued on October 2, 2015 and  addresses cyber incident reporting obligations for DoD prime contractors and subcontractors.

Notably, the final rule clarifies the by now well-known definition of the term ‘covered defense information’ (“CDI”).  This same term is used in DFARS 252.204-7012.  This DFARS clause defines CDI to include four different categories: (1) covered technical information (“CTI”); (2) operations security; (3) export controlled information; and (4) any other information, marked or otherwise identified in the contract, that requires safeguarding or dissemination controls pursuant to and consistent with law, regulations, and government-wide policies.

Given the similarities of this final category to the definition of controlled unclassified information (“CUI”) promulgated in connection with the National Archives and Records Administration’s (NARA)  rule, we have understood this latter category to include CUI identified by NARA pursuant to its efforts under EO 13556.  The DoD’s new final rule provides support for this understanding because it narrows the definition of CDI to only two categories:  (1) CTI and (2) CUI.  This modification accordingly appears to make clear that the “catch-all” category of CDI contained in DFARS 252.204-7012 was intended to align with NARA’s CUI efforts.

Importantly, this final rule makes no changes to the DFARS clause itself,  and it is likely that conforming changes will be made to the DFARS clause in a future revision.  The December 2015 version of the DFARS clause remains effective.  Nevertheless, in light of the final rule contractors and subcontractors seeking to understand the scope of the CDI  under the DFARS clause should include CUI in their review as they await further revision to the clause.

Share on Facebook Share on Twitter Share via email Share on LinkedIn
Subscribe and stay updated
Receive our latest blog posts by email.
Stay in Touch
Phillip Seckman

About Phillip Seckman

Phillip Seckman represents clients concerning government and commercial contract matters. His practice spans a broad range of subjects related to federal procurement law, state and local procurement law, and complex federal regulatory issues. He concentrates his practice in the areas of commercial item acquisitions, GSA schedule contracting, cybersecurity, compliance, internal investigations, and bid protests (both federal and state). A significant component of his practice involves government contract cost allowability, proper cost accounting, and contract cost and pricing issues.

All posts Full bio

RELATED POSTS

  • Data and Software Rights, Patent Rights and Cybersecurity
  • Government Contracts

DoD Final Rule – DIB Cybersecurity Information Sharing Program

By Dentons Government Contracts Group
  • Data and Software Rights, Patent Rights and Cybersecurity
  • Government Contracts

Department of Defense seeks to clarify contractor cybersecurity obligations

By Phillip Seckman
  • Data and Software Rights, Patent Rights and Cybersecurity
  • Events & Happenings
  • Government Contracts

Protecting Your IP as a Government Contractor

By Steven Masiello

About Dentons

Dentons is designed to be different. As the world’s largest law firm with 20,000 professionals in over 200 locations in more than 80 countries, we can help you grow, protect, operate and finance your business. Our polycentric and purpose-driven approach, together with our commitment to inclusion, diversity, equity and ESG, ensures we challenge the status quo to stay focused on what matters most to you. www.dentons.com

Dentons boilerplate image

Twitter

Categories

Subscribe and stay updated

Receive our latest blog posts by email.

Stay in Touch

Dentons logo

© 2023 Dentons

  • Legal notices
  • Privacy policy
  • Terms of use
  • Cookies on this site