Guidance for Assessing Compliance and Enhancing Protections Required by DFARS Clause 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting

Guidance to assist acquisition personnel in the development of effective cybersecurity strategies to enhance existing protection requirements provided by DFARS clause 252.204-7012 and NIST SP 800-171.

DoD Guidance for Reviewing System Security Plans and the NIST SP 800-171 Security Requirements Not Yet Implemented is provided to:
- Enable the consistent review of System Security Plans and Plans of Action when such plans are required by the solicitation or contract to be provided to the Government.
- Address the impact of 'not yet implemented' security requirements on a contractor's unclassified internal information system.
- Provide clarification on implementing NIST SP 800-171 security requirements.

Guidance for Assessing Compliance of and Enhancing Protections for a Contractor's Internal Unclassified Information System provides a framework of actions that can be tailored by a program office/requiring activity, commensurate with program risk, to assess the contractor's approach to providing adequate security to protect the Department's controlled unclassified information.

Strengthening Contract Requirements Language for Cybersecurity in the Defense Industrial Base

Addressing Cybersecurity Oversight as Part of a Contractor's Purchasing System Review

Strategically Implementing Cybersecurity Contract Clauses
