Jump to content

Search the Community

Showing results for tags 'covered defense information'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Instructions and Terms of Use
    • Terms Of Use
    • Before You Register, Before You Post, Instructions for Writing Your Question
  • Contracting Forum
    • What Happened?
    • Polls
    • For Beginners Only
    • About The Regulations
    • COVID-19 And Its Effect on Contracting
    • Contracting Workforce
    • Recommended Reading
    • Contract Award Process
    • Contract Pricing Including CAS & Allowable Costs
    • Contract Administration
    • Schedules, GWACS, MACs, IDIQs
    • Subcontracts & Subcontract Management
    • Small Business, Socioeconomic Programs
    • Proposed Law & Regulations; Legal Decisions

Blogs

  • The Wifcon Blog
  • Don Mansfield's Blog
  • Government Contracts Blog
  • Government Contracts Insights
  • Emptor Cautus' Blog
  • SmallGovCon.com
  • The Contractor's Perspective
  • Government Contracts Legal Forum
  • NIH NITAAC Blog
  • NIH NITAAC Blog

Product Groups

There are no results to display.

Categories

  • Rules & Tools
  • Legal Opinions
  • News

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests

Found 1 result

  1. Regarding the Department of Defense's new cyber security rule (DFARS 252.204-7008 and -7012), does anyone have any experience submitting a notice to the DoD's Chief Information Officer of any of the prescribed information security standards that your company has not yet implemented? The provisions most relevant to my question are summarized below: 252.204-7008(b) - requires that the security requirements in 204-7012 for all "covered defense information" shall be incorporated into the contract. Those security standards, in turn, implement the standards in NIST SP 800-171. 252.204-7008(c) - requires that by submitting a bid for a DoD contract, the offeror represents that it will implement all security requirements required in 204-7012 no later than 12/31/2017. 252.204-7012(b)(2)(ii)(A) - requires that, for all contracts awarded prior to 10/1/2017, the contractor must notify the DoD's CIO within 30 days of contract award of any of the NIST 800-171 security standards that are/were not implemented at the time of contract award. Does anyone have any experience making this 30-day notice to the DoD CIO? DoD guidance says that the purpose of this notice requirement is solely to give the agency general information on where contractors are in implementing the standards, but I'm somewhat skeptical that this is an "informational only" type of requirement. If anyone has made such a report, I would be curious to hear what DoD said in response and generally how that process went for you.
×
×
  • Create New...