Guidance for Assessing Compliance and Enhancing Protections Required by DFARS Clause 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting

The following is guidance to assist acquisition personnel in the development of effective cybersecurity strategies to enhance existing protection requirements provided by DFARS clause 252.204-7012 and NIST SP 800-171:

Guidance for Assessing Compliance and Enhancing Protections Required by DFARS Clause 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting, OUSD(A&S) Memorandum, dated November 8, 2018, with links to the two documents below:

Strengthening Contract Requirements Language for Cybersecurity in the Defense Industrial Base, ASD(A) Memorandum, dated December 17, 2018, provides program offices and requiring activities with sample Statement of Work (SOW) language to support development of cybersecurity measures designed to enhance existing protection requirements provided by DFARS Clause 252.204-7012.

Addressing Cybersecurity Oversight as Part of a Contractor's Purchasing System Review (CPSR), USD(A&S) Memorandum, dated January 21, 2019, addresses leveraging DCMA’s CPSR process to review contractor procedures for the flow down of DoD CUI and for ensuring compliance with DFARS Clause 252.204-7012 and NIST SP 800-171.

Download PDF Viewer | Download Word Doc Viewer | Download PowerPoint Viewer | Download Excel Viewer