DFARS 252.204-7012

What is it?

Defense Federal Acquisition Regulations 252.204-7012 governs the requirements for Defense Federal Contractors to maintain Basic Cybersecurity for Federal Contract Information (FCI) as well as Cyber Incident Reporting requirements for all Defense Contractors.

Who does it apply to?

Defense Contractors and members of the Defense Industrial Base (DIB) will be required to abide by this regulation. Contractors with CUI will be required to abide by stricter security requirements in DFARS 252.204-7021, however the reporting requirements for incidents are governed under this regulation.

What do you have to do about it?

DFARS 252.204-7012 stipulates contractors must implement and maintain “Basic” Cybersecurity Hygiene. This regulation lays out the 17 controls Defense contractors must implement as part of CMMC Level 1 “Basic Cybersecurity Hygiene”. These controls are similar to the controls require for all FCI under FAR 52.204-21. Furthermore, this is the regulation that governs cyber incident reporting requirements which all Defense contractors must abide by, even those with CUI whose protection requirements fall under the stricter CMMC Level 2 requirements.

How can we help?

Here at SherTech we will help you every step of the way. From Gap Assessments to identify inadequate controls, to System Security design and CMMC Level 1 implementation.