DCMA’s Cybersecurity Oversight Takes Shape: Revised CPSR Guidebook Outlines DFARS Safeguarding Clause Audit Standards

Client Alert | 1 min read | 03.06.19

Following guidance issued by Under Secretary of Defense Lord, the Defense Contract Management Agency (DCMA) has revised its Contractor Purchasing System Review (CPSR) Guidebook to incorporate new standards DCMA auditors will use to assess contractor supply chain management under the DFARS Safeguarding Clause 252.204-7012. Notably, the new standards require contractors to “validate” that their subcontractors have information systems “that can receive and protect” Covered Defense Information (CDI) and to “determine” whether subcontractor systems are “acceptable.” Other new standards require contractors to demonstrate:

How CDI is properly marked and securely transferred to subcontractors; and
How subcontractor notifications regarding requests to vary from the NIST requirements and the submission of cyber incident reports are managed and documented.

The revisions also emphasize that 252.204-7012 is not an indiscriminate flowdown and applies only where the subcontractor will be utilized for operationally critical support or performing duties that involve CDI.

Contacts

Evan D. Wolff
Partner
He/Him/His
- Washington, D.C.
  - D | +1.202.624.2615
ZXdvbGZmQGNyb3dlbGwuY29t
Maida Oringher Lerner
Senior Counsel
She/Her/Hers
- Washington, D.C.
  - D | +1.202.624.2596
bWxlcm5lckBjcm93ZWxsLmNvbQ==
Christopher D. Garcia
Counsel
- Washington, D.C.
  - D | +1.202.688.3450
Y2dhcmNpYUBjcm93ZWxsLmNvbQ==
Nicole Owren-Wiest
Partner
She/Her/Hers
- Washington, D.C.
  - D | +1.202.624.2863
bm93cmVud2llc3RAY3Jvd2VsbC5jb20=
Michael G. Gruden
Counsel
- Washington, D.C.
  - D | +1.202.624.2545
bWdydWRlbkBjcm93ZWxsLmNvbQ==

Insights

Client Alert | 1 min read | 11.04.24

OFCCP Invites Federal Contractors to Object to Production of their “Type 2 EEO-1 Reports” in Response to New FOIA Request

On October 29, 2024, the Office of Federal Contract Compliance Programs (“ ”) published a notice in the Federal Register that it received two requests under the Freedom of Information Act (“ ”) for 2021 Type 2 EEO-1 Reports filed by federal contractors. The two requests came from the University of Utah and a non-profit organization named “As You Sow.” The notified federal contractors that the information might be protected from disclosure under Exemption 4, which protects disclosure of confidential commercial information, and requested that any entities that filed these reports and object to their disclosure submit objections by December 9, 2024. Objectors are strongly encouraged to use the portal. Alternatively, contractors may also submit written objections via email at OFCCPSubmitterResponse@dol.gov, or by mail. ...

Client Alert | 14 min read | 11.01.24
Protectionist Trade Policies in the New Administration: A Question of Degree
Client Alert | 23 min read | 10.31.24
Crowell Health Solutions Update: Key Developments in AI and Digital Health Signal Growing Federal Activity (Q3 2024)
Client Alert | 11 min read | 10.30.24
Are You, and Your Supply Chain, Ready for the Deforestation Regulation?

View All Insights