DFARS

Contractors Scrambling to Scope New DoD Cyber Framework

On January 30, 2020, the U.S. Department of Defense (“DoD”) released Version 1.0 of its Cybersecurity Maturity Model Certification (“CMMC”) framework (CMMC overview here; CMMC Version 1.0 and appendices here).  By 2026, DoD plans to require CMMC certification for all defense contracts.  For companies looking to play a role – any role – in the defense industry supply chain, now is the time to develop, assess, and augment cybersecurity practices.

READ MORE

DFARS and DIB: Compliance Steps for DoD’s Newly Finalized Cybersecurity Rules for Contractors

Department of Defense Finalized Cybersecurity Rules for Contractors and Other Awardees. The First rule amends the Defense Federal Acquisition Regulation Supplement and went into effect on October 21, 2016 (“DFARS Rule”). The other rule modifies the previously voluntary DoD cybersecurity information sharing program (“DIB Rule”) and is set to come into effect on November 3, 2016. Aerial view of the Pentagon, the Department of Defense headquarters in Arlington, Virginia

For businesses that work with the U.S. Department of Defense (“DoD”), two important rules for safeguarding certain categories of sensitive information and reporting cyber incidents were recently finalized, updating the interim rules promulgated in late 2015. The first rule amends the Defense Federal Acquisition Regulation Supplement (“DFARS Rule”) and went into effect on October 21, 2016.  The second rule modifies the previously voluntary DoD cybersecurity information-sharing program in connection with the Defense Industrial Base (“DIB Rule”) and went into effect on November 3, 2016.

We previously explained the changes brought about by the interim rules. Here, we explain what changed after the rules’ comment periods, and provide suggestions for compliance.

READ MORE