Since August 2015, defense contractors have been on notice that they were required to implement the security controls in National Institute of Standards and Technology (“NIST”) Special Publication (“SP”) 800-171 on covered contractor information systems no later than December 31, 2017. Although the focus has been on meeting this deadline, contractors should add to their New Year resolutions compliance with other areas of DFARS 252.204-7012 (“DFARS Cyber Rule” or “Rule”) and confirm that their existing processes and procedures anticipate how the Department of Defense (“DoD”) will measure compliance with the Rule in the year to come. In particular, contractors should assess whether they are providing “adequate security” beyond NIST SP 800-171, review their obligations with regard to their supply chain’s cyber risks, understand how the System Security Plans and Plans of Action and Milestones could be used by the government, and confirm that their incident response plan incorporates the requirements of the DFARS Cyber Rule. The answers to these and other questions are included in the article that was originally published in Law360 and is linked here.

  [The referenced article was originally published in Law360.]

 

Susan B. Cassidy

Ms. Cassidy represents clients in the defense, intelligence, and information technologies sectors.  She works with clients to navigate the complex rules and regulations that govern federal procurement and her practice includes both counseling and litigation components.  Ms. Cassidy conducts internal investigations for government contractors and represents her clients before the Defense Contract Audit Agency (DCAA), Inspectors General (IG), and the Department of Justice with regard to those investigations.  From 2008 to 2012, Ms. Cassidy served as in-house counsel at Northrop Grumman Corporation, one of the world’s largest defense contractors, supporting both defense and intelligence programs. Previously, Ms. Cassidy held an in-house position with Motorola Inc., leading a team of lawyers supporting sales of commercial communications products and services to US government defense and civilian agencies. Prior to going in-house, Ms. Cassidy was a litigation and government contracts partner in an international law firm headquartered in Washington, DC.