Stringent standards for cyber security

On October 21, 2016, the United States Department of Defense (DoD) updated theΒ Defense Federal Acquisition Regulations SupplementΒ (DFARS) with an updatedΒ rule. This updatedΒ rule replaced the prior Unclassified Controlled Technical Information (UCTI) Rule, and it imposed new, more stringent standards for cyber security. In addition, the updatedΒ rule expanded the information subject to safeguarding and implemented more thorough policies for safeguarding Covered Defense Information (CDI), whichΒ is tied to Controlled Unclassified Information (CUI) Registry. Baseline standards for reporting requirements were also bolstered by the updated rule, which has significantly more stringent procedures that must be followed for reporting cyber incidents.

The most important changes implemented in this latest version of the DFARS Clause 252.204-7012 include:

  • All contractors must be in full compliance with the requirements outlined in NIST 800-171
  • Contractors must report cyber incidents within 72 hours or less to the DoD
  • All non-compliant aspects must be reported to the DoD within 30 days after contract award
  • Compliance must extend to all operation aspects – all suppliers and subcontracts storing, processing and/or creating CDI that is part of contract performance

What does this mean for contractors?

 

The updated DFARS rule affects every aspect of how DoD contractors fulfill their contracts. Compliance must be maintained at every level of contract fulfillment, thus the revision to DFARS clause 252.204-7012 requires all suppliers and subcontractors to be in and maintain compliance with all operation aspects.Β Failure to meet the updated compliance requirements mayΒ result in a loss of current contracts and forfeiture of all future contracts.

Additional protocols have also been made necessary, including requiring contractorsΒ to complete a DFARS CDI Assessment (current cybersecurity posture) and report the findings to the DoD Chief Information Officer (CIO),Β within 30 days of contract award.

With the threat of cyber attacks escalating every day, the federal government is putting a higherΒ importance on addressing cyber security threats. Cyber compliance standards will continue to expand and intensify as digital threats become more sophisticated and will not lessen.

 

Share

Leave a Reply

Welcome

eDataPay handle direct Mids merchant account for merchants and Sub Merchants underwriting process, Risk Management, Gateway and eCommerce API integrations work and design relieving acquirers from the need to perform related administrative procedures.

Search

Related Post

S Corporation vs. LLC

S Corporation vs. LLC: How to Choose the Best Structure for Your Business Which corporate structure is best for your business? You may already be

Read More Β»