DoD Meets Contractors Half-Way at Industry Information Day
Client Alert | 1 min read | 06.28.17
On June 23, the Department of Defense hosted its highly anticipated Industry Information Day to respond to feedback received from the contracting community regarding last year’s finalization of DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting. Top of mind for many in attendance was the looming end-of-year deadline to implement NIST SP 800-171, including its requirements regarding multifactor authentication. By the end of the session, however, DoD representatives repeatedly stated that contractors may use system security plans (SSPs) and plans of action and milestones (POAMs) to document their anticipated implementation of the required controls and thus comply with the Clause – even if the actual implementation of those controls extends beyond 2017. A revised set of FAQs is expected next month, which should provide additional details regarding this new guidance.
Contacts
Senior Counsel
She/Her/Hers
Insights
Client Alert | 2 min read | 01.14.25
On January 3, 2025, the FAR Council released a proposed rule titled Strengthening America’s Cybersecurity Workforce (the Proposed Rule). The Proposed Rule would amend the Federal Acquisition Regulation (FAR) by standardizing workforce criteria for cybersecurity and information technology support services contracts. The Proposed Rule implements a 2019 executive order, America’s Cybersecurity Workforce, which emphasized the strategic importance of a strong cybersecurity workforce. Comments will be accepted until March 4, 2025, and the FAR Council specifically invites comments on the Proposed Rule’s impact on small entities.
Client Alert | 8 min read | 01.13.25
Client Alert | 2 min read | 01.13.25
Client Alert | 1 min read | 01.10.25
FAR Council Withdraws Proposed Mandatory Climate Disclosures for Federal Contractor Rule
