Narrow by location

DCMA to Audit Compliance With DFARS Cyber Flowdown Requirements

Technology

By

For over a year now, federal defense contractors have been required to comply with Defense Federal Acquisition Regulation Supplement (DFARS) Clause 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting (see our recent firm alert). Recently, however, the Department of Defense (DoD) announced in a memorandum to DoD officials that it has “asked” the Director of the Defense Contract Management Agency (DCMA) to begin auditing contractor compliance with the cybersecurity requirements described in DFARS Clause 252.204-7012.

More specifically, the memorandum states that “to effectively implement the cybersecurity requirements addressed in” DFARS Clause 252.204-7012 and National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, Protecting Controlled Unclassified Information (CUI) in Nonfederal Information Systems and Organizations, DoD has instructed DCMA to “leverage its review of a contractor’s purchasing system in accordance with DFARS Clause 252.244-7001, Contractor Purchasing System Administration,” in order to:

  • “Review Contractor procedures to ensure contractual DoD requirements for marking and distribution statements on DoD CUI flow down appropriately to their Tier 1 Level Suppliers;” and
  • “Review Contractor procedures to assess compliance with their Tier 1 Level Suppliers with DFARS Clause 252.204-72 and NIST SP 800-171.”

As the memorandum explains, DFARS Clause 252.204-7012 “requires contractors to implement” NIST SP 800-171 “as a means to safeguard the [DoD’s CUI] that is processed, stored or transmitted on the contractor’s internal unclassified information system or network.” Federal contractors, in turn, “are required to flow down this clause in subcontracts for which subcontract performance will involve DoD’s CUI.”

In light of this new development, federal contractors would be wise to review and document their compliance with the subject requirements set forth in DFARS Clause 252.204-7012 and NIST SP 800-171.

For more, visit buildsmartbradley.com.

 

What Construction Doesn’t Understand About Data

Reposted with permission from constructionexec.com, July 24, 2019, all rights reserved. Copyright 2019 Data. It’s a word many use... »

Capital Efficiency: Integrated Project Control Using Blockchain Technology

Reposted with permission from constructionexec.com, February 13, 2019, all rights reserved. Copyright 2019. The planning and execution of projects... »

What Happens to Construction Tech During an Economic Downturn?

By FMI Corporation, From FMI Although the U.S. technology market has been on a full growth swing since... »

Amazon Business Shakes Up Building Product Manufacturers

By Russ Young, From FMI Building Product Manufacturers (BPMs) ought to be thinking about Amazon’s impact on the... »

LEAVE YOUR COMMENT

Your email address will not be published. Required fields are marked *