White Paper: Recent Department of Defense Guidance on Cybersecurity Requirements and Related Export Control Issues


(Source: Akin Gump Strauss Hauer & Feld LLP, 31 May 2018)

By: Authors: Robert K. Huffman, Esq., rhuffman@akingump.com, +1 202-887-4530; Kevin J. Wolf, Esq., kwolf@akingump.com, +1 202-887-4051; and Natasha G. Kohne, Esq., nkohne@akingump.com, +1 415-765-9505.  All of Akin Gump Strauss Hauer & Feld LLP

The U.S. Department of Defense (DoD) recently released two sets of guidance regarding Defense Federal Acquisition Regulation Supplement (DFARS) Clause 252.204-7012, “Safeguarding Covered Defense Information and Cyber Incident Reporting.” The more recent set, “DoD Guidance for Reviewing System Security Plans and the NIST SP 800-171 Security Requirements Not Yet Implemented” 83 Fed. Reg. 17,807, was attached to an April 24, 2018 notice and request for comment. The other white paper contains updated Frequently Asked Questions that DoD issued on April 2, 2018 and examines the impact of these guidance documents on the role of contractor System Security Plans and Plans of Action and Milestones in source selection and contract performance, the proper interpretation of particular National Institute of Standards and Technology Special Publication 800-171 requirements, and the potential impact of DFARS Clause 252.204-7012 with respect to safeguarding and reporting requirements on export-controlled information resident in contractor information systems.

To access the white paper outlining more information, please click here.