Cyber Security and Federal Government Contracts
When you submit a proposal for most Department of Defense (DoD) contracts you are in effect saying that you are ”in compliance” with the requirements cited in the Department of Defense Federal Acquisition Regulations, otherwise known as DFARs.
DFAR 252.204-7012, states:
Full compliance was required no later than December 31, 2017 for contracts awarded prior to that date. Compliance is effective immediately with the standards set forth in the National Institute of Standards and Technology (NIST) Special Publication 800-171 (Revision 1) and required for all Department of Defense contracts that include the Defense Acquisition Regulation (DFAR) Clause 252.204-7014, Safeguarding Covered Defense Information and Cyber Incident Reporting.
Therefore, you will also, at a minimum, be required to:
This may all sound somewhat overwhelming to many small businesses, so I suggest that you view the following video put together by our colleagues at the Georgia Tech Procurement Assistance Center:
You may also want to review the information concerning NIST SP 800-171, which can be found at:
And ask your APAC Procurement Counselor for more information concerning specific solicitations, awards, and requirements. Reach out to us in Central Arkansas at 501-671-2390 or in Northwest Arkansas at 501-650-6180. Outside office hours you may send an e-mail to APAC@uaex.edu and we will have a Procurement Counselor contact you when offices reopen.
To end on a happy note: this requirement does NOT apply to solicitations and contracts for the acquisition of Commercial off the Shelf (COTS) items.