• Achieving Cyber-Fitness in 2017: Part 2—Looking Beyond the FAR and DFARS—Other Safeguarding and Reporting Requirements
  • May 10, 2017 | Authors: Melinda R. Biancuzzo; Townsend L. Bourne; John W. Chierichella; Laura E. Jehl
  • Law Firm: Sheppard, Mullin, Richter & Hampton LLP - Washington Office
  • In Part 1, we discussed the cybersecurity requirements applicable to federal contract information under Federal Acquisition Regulation 52.204-21(b)(1) and covered defense information (CDI) under Defense FAR Supplement 252.204-7012, which requires contractor compliance by December 31. See 59 GC ¶ 25. In Part 2, we examine other safeguarding and reporting requirements for unclassified information, including agency-specific regulations, of which Government contractors should be aware. Many of these requirements have been in place for years, and your company may already have plans and processes for compliance. However, it is worth reexamining these requirements and considering the data and systems they affect, as well as how security may be improved when planning for compliance with the DFARS rule by December 31.