Showing results for tags 'covered defense information'.
Regarding the Department of Defense's new cyber security rule (DFARS 252.204-7008 and -7012), does anyone have any experience submitting a notice to the DoD's Chief Information Officer of any of the prescribed information security standards that your company has not yet implemented?

The provisions most relevant to my question are summarized below:

252.204-7008(b) - requires that the security requirements in 204-7012 for all "covered defense information" shall be incorporated into the contract. Those security standards, in turn, implement the standards in NIST SP 800-171.

252.204-70