Cyber Security Solutions

DFARS 252.204-7012
Safeguarding Covered Defense Information and Cyber Incident Reporting


Cybersecurity is a major issue for government contractors and remains a hot button topic. As of January 2018, all Department of Defense (DOD) contractors that store, process, or transmit Covered Defense Information (CDI) are subject to DFARS 252.204‐7012.

Prime contractors must flow down the DFARS cybersecurity requirements to subcontractors and may need to take additional steps to verify subcontractor compliance. Contractors and subcontractors that are not in compliance face potentially serious consequences, both in terms of getting new awards, and continuing performance of current contracts.

The DOD is directing contractors to extend their cyber defense and reporting requirements beyond their recognizable supply chain. Our subject matter experts have developed a procurement file process that implements policy, procedures and associated practices to assist in the implementation of DOD Cybersecurity requirements. Contractors must now adhere to more rigid requirements than in the past.

  • Provide adequate security of information systems in accordance with certain published standards.
  • Investigate and report actual or apparent cyber breaches.
  • Preserve affected media and systems.
  • Grant DOD access to facilities and data for investigation and possible damage assessment.