Are You Cyber Secure Under the DFARS Rule?

With a revised regulatory regime still rippling through the defense industry, DoD fundamentally reshaped the cybersecurity rules in the DoD Federal Acquisition Regulation Supplement in November 2013 by (1) imposing 51 mandatory security controls for DoD-controlled technical information; (2) requiring the DFARS "Safeguarding" clause in all DoD contracts and solicitations; (3) mandating that contractors flow down the requirements, even to commercial subcontractors; and (4) defining detailed reporting requirements for certain types of security  "incidents" or breaches. In a "View from Crowell & Moring: Getting Ahead of the DFARS Safeguarding Rule" published in Bloomberg BNA’s Federal Contracts Report, David Bodenheimer, Evan Wolff, and Kate Growley discuss the definitional gaps, compliance pitfalls, and practical pointers for determining the reach of the DFARS Safeguarding Rule, the mandate for "adequate security," the scope of the reporting requirements, and the emerging lessons learned in navigating these game-changing cybersecurity safeguards governing DoD procurements.