Understanding DFARS 7012 and How It Works

In October of 2016, the Department of Defense (DoD) issued DFARS 252.204-7012. The Defense Federal Acquisition Regulation Supplement, or DFARS, has been working to encourage DoD contractors to proactively comply with certain frameworks to achieve this goal. Clause 252.204-7012, which refers to Safeguarding Covered Defense Information and Cyber Incident Reporting, is the latest mandatory addition to the supplement.

Under the clause, all contractors must comply with the National Institute of Standards and Technology's Special Publication 800-171 (NIST SP 800-171), a framework that lays out how contractors must protect sensitive defense information and report cybersecurity incidents. The DFARS consists of the requirements of the law, including DoD-wide policies, delegations of FAR authorities, deviations from FAR requirements, and policies/procedures that have a significant effect on the public.

The DFARS should be read in conjunction with the primary set of rules covered in the FAR. These regulations require contractors and their suppliers to provide adequate security on all covered defense information that is processed, stored, or transmitted on the contractor’s internal information or data.

DFARS Clause 252.204-7012 requires contractors/subcontractors to:

1) Safeguard Covered Defense Information that resides on or is transiting through a contractor's internal information system or network.

2) Report Cyber Incidents that affect a covered contractor data system, the covered defense information, or the contractor's ability to perform requirements designated as operationally critical support.

3) Submit Malicious Software discovered and isolated in connection with a reported cyber incident to the DoD Cyber Crime Center.

4) Facilitate Damage Assessment by providing additional information to support damage assessment if requested.

Ariento is the ultimate option for getting started. Ariento has more than 30 years of National Security Cyber & IT expertise (Military & Federal Govt.) applied to your technology needs. Our mission is to relieve the burdens that come with technology so that stakeholders can leverage its extraordinary benefits without any worry. We've done it at the highest levels of the U.S. military and federal government, and we will do it for you.


Ariento can help in one of two ways:

Consulting - We conduct a 3-6 week assessment of your business as per the NIST framework. After the assessment, you get a report card identifying each required NIST control, with a determination of compliance for every control. In areas of non-compliance, we offer actionable recommendations for remediation that can easily be turned into a POA&M. We can also help implement the recommendations.

Managed Solutions - We become your NIST-compliant outsourced shop, making you compliant now and in the future as regulations require or change. We also conduct an annual assessment of your business as per the NIST framework, giving you a record of compliance year over year.

For more information about DFARS 7012, visit our website: https://www.ariento.com/

