From: The National Law Review
On January 27, 2017, the Department of Defense (DoD) issued an updated Frequently Asked Questions (FAQ) regarding the application and requirements of DFARS 252.204.7012 Safeguarding Covered Defense Information and Cyber Incident Reporting. Though questions remain regarding various nuances of the rule, the FAQ is a helpful document for those contractors still working on implementation of DFARS 252.204.7012. Divided into three sections ¾ (1) General Application, (2) Security Requirements, and (3) Cloud Computing ¾ the FAC provides answers to 59 commonly asked questions and provides greater clarity on a number of important points, which are discussed in greater detail below.
General Application
How do you handle contracts with conflicting security requirements: As DoD has now issued multiple versions of this rule over the last several years, some imposing different security standards, contractors may have contracts that require different and conflicting security requirements. The FAQ acknowledges this reality and informs contractors that DoD has instructed its contracting officers to work through these issues with contractors, with the goal of working towards consistent implementation of the most recent version of the rule. Contractors with older versions of the rule in their contracts are therefore well advised to engage their contracting officers and work towards a modification of outdated security requirements.
Leave a Reply