Narrow by location

DCMA to Audit Compliance With DFARS Cyber Flowdown Requirements

Technology

By

For over a year now, federal defense contractors have been required to comply with Defense Federal Acquisition Regulation Supplement (DFARS) Clause 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting (see our recent firm alert). Recently, however, the Department of Defense (DoD) announced in a memorandum to DoD officials that it has “asked” the Director of the Defense Contract Management Agency (DCMA) to begin auditing contractor compliance with the cybersecurity requirements described in DFARS Clause 252.204-7012.

More specifically, the memorandum states that “to effectively implement the cybersecurity requirements addressed in” DFARS Clause 252.204-7012 and National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, Protecting Controlled Unclassified Information (CUI) in Nonfederal Information Systems and Organizations, DoD has instructed DCMA to “leverage its review of a contractor’s purchasing system in accordance with DFARS Clause 252.244-7001, Contractor Purchasing System Administration,” in order to:

  • “Review Contractor procedures to ensure contractual DoD requirements for marking and distribution statements on DoD CUI flow down appropriately to their Tier 1 Level Suppliers;” and
  • “Review Contractor procedures to assess compliance with their Tier 1 Level Suppliers with DFARS Clause 252.204-72 and NIST SP 800-171.”

As the memorandum explains, DFARS Clause 252.204-7012 “requires contractors to implement” NIST SP 800-171 “as a means to safeguard the [DoD’s CUI] that is processed, stored or transmitted on the contractor’s internal unclassified information system or network.” Federal contractors, in turn, “are required to flow down this clause in subcontracts for which subcontract performance will involve DoD’s CUI.”

In light of this new development, federal contractors would be wise to review and document their compliance with the subject requirements set forth in DFARS Clause 252.204-7012 and NIST SP 800-171.

For more, visit buildsmartbradley.com.

 

Is Your Company Ready for the Beta User Experience?

By Jay Snyder, From FMI As the built environment seeks out ways to alleviate industry pressures, startup technology... »

Three Ways Technology Is Changing How We Look at a Construction Site

Reposted with permission from constructionexec.com, January 24, 2019, all rights reserved. Copyright 2019. Technology is helping the construction industry... »

The Future of Extraterrestrial Construction

Reposted with permission from constructionexec.com, January 30, 2019, all rights reserved. Copyright 2019. Exploring and colonizing Mars presents a... »

Cybersecurity Violations Potentially Actionable under the False Claims Act

By Aron C. Beezley, Bradley A California federal court recently allowed a relator’s False Claims Act suitagainst two... »

LEAVE YOUR COMMENT

Your email address will not be published. Required fields are marked *