On June 16, 2022, the Department of Defense (DoD) issued a memorandum to its contracting officers emphasizing their obligation to monitor compliance by DoD contractors with the cybersecurity requirements of their contracts. By this memorandum, the DoD has signaled renewed interest in cybersecurity compliance and enforcement, joining a trend set by the Department of Justice (DOJ), the U.S. Securities and Exchange Commission, and other state and federal agencies.
In the memorandum, the DoD directs contracting officers to monitor compliance with the requirements articulated in Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7012 (Clause 7012). Clause 7012 requires contractors that maintain "covered contractor information systems"1 to protect those systems by implementing the cybersecurity measures articulated in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 (800-171).
The DoD memorandum does not announce any new substantive requirements. It appears to have been issued for one purpose: to remind contracting officers that they should monitor cybersecurity compliance and seek remedies for material breaches, including "terminating the contact, in part or in whole."
The Cybersecurity Requirements of DFARS Clause 7012
Since December 2017, as we previously noted, DoD contractors have been subject to Clause 7012, which requires contractors to provide adequate security for Controlled Unclassified Information, including...
Albany, NY (WRGB) — A Poughkeepsie man who previously went to federal prison for an insurance fraud scheme is now facing new federal charges after investigators say he ran a similar operation agai...