In October of 2016, the Department of Defense (DoD) issued the DFARS 252.204-7012.
The Defense Federal Acquisition Regulation Supplement, or DFARS, has been working to encourage DoD contractors to proactively comply with certain frameworks to achieve this goal.
Clause 252.204-7012, refers to Safeguarding Covered Defense Information and Cyber Incident Reporting, is the latest mandatory addition to this clause.Under the Clause, all contractors must comply with the National Institute of Standards and Technology’s Special Publication 800-171 (NIST SP 800-171), a framework that lays out how contractors must protect sensitive defense information and report cybersecurity incidents.
The DFARS consists of the requirements of the law including DoD-wide policies, delegations of FAR authorities, deviations from FAR requirements, and policies/procedures that have a significant effect on the public.The DFARS should be read in conjunction with the primary set of rules covered in the FAR.
These regulations require contractors and their suppliers to provide adequate security on all covered defense information that is processed, stored, or transmitted on the contractor’s internal information or data.DFARS Clause 252.204-7012 requires contractors/subcontractors to:1) Safeguard Covered Defense Information: that resides on or is transiting through a contractor’s internal information system or network2) Report Cyber Incidents: that affects a covered contractor data system ,the covered defense information, and the contractor’s ability to perform requirements designated as operationally critical support.3) Submit Malicious Software: discovered and isolated about a reported cyber incident to the DoD Cyber Crime Center4) Facilitate Damage Assessment: and additional information to support damage assessment if requestedAriento an ultimate option to choose to give a start.
Ariento has more than 30 years of National Security Cyber & IT expertise (Military & Federal Govt.)