The Wait Is Over: Final DFARS Safeguarding Rule Published Today
Client Alert | 1 min read | 10.21.16
Almost three years after its first iteration was published, DoD has finalized the DFARS Safeguarding Rule and corresponding DFARS clauses regarding the protection of “covered defense information” provided to or generated by defense contractors. Effective today, the Final Rule by and large reflects the same requirements of its interim versions and FAQs but with a few notable exceptions, including the definition of “covered defense information” now encompasses all forms of “controlled unclassified information” and thus aligns with the National Archive’s recent final rule, external cloud services housing covered defense information must comply with certain FedRAMP security requirements, and subcontractors must notify their primes when requesting variances from the security controls of NIST Special Publication 800-171.
Contacts
Partner and Crowell Global Advisors Senior Director
- Washington, D.C.
- D | +1.202.624.2698
- Washington, D.C. (CGA)
- D | +1 202.624.2500
Insights
Client Alert | 13 min read | 06.12.26
The EU Cyber Resilience Act (CRA) is an EU product cybersecurity law for connected products (formally, “products with digital elements” under the CRA) commercialized in the EU; it entered into force on 10 December 2024, with direct application across the EU. Full application begins 11 December 2027, but one of its most operationally demanding provisions takes effect in just under 100 days, on 11 September 2026: the mandatory vulnerability and incident reporting under Article 14 CRA.
Client Alert | 6 min read | 06.11.26
CMS Announces New Medicaid Eligibility Requirements: Implications for Managed Care Plans
Client Alert | 7 min read | 06.11.26
Qatar Rewrites the Playbook: What the New Public M&A Rules Mean for Market Participants
Client Alert | 2 min read | 06.11.26
Synthetic Performers, Real Consequences: Implications of Trailblazing New York AI Ad Law
