January 2, 2018
Tutorial video and other resources created by Georgia PTAC
The Georgia Tech Procurement Assistance Center (GTPAC) recently unveiled invaluable new resources for businesses seeking to comply with the Department of Defense (DoD) cybersecurity requirements. They have produced a 20-minute instructional video which takes contractors step-by-step through the requirements and created a 127-page template that can be used to develop a Security Assessment Report, a System Security Plan, and a Plan of Action – documents called for under the requirements.
The Defense Federal Acquisition Regulation Supplement (DFARS) prescribes that DFARS clause 252.204-7012 (“Safeguarding Covered Defense Information and Cyber Incident Reporting”) be inserted in many DoD contracts.
In general, the clause requires that contractors provide adequate security on all applicable contractor information systems – and investigate and report on any compromises of such systems. The DFARS clause also requires contractors to:
- isolate malicious software,
- preserve and protect all media involved in a cyber incident,
- provide DoD with access to information or equipment for purposes of forensic analysis,
- assess damage as a result of a cyber incident, and
- “flow down” the clause in any subcontracts involving information covered by the requirements.
If you are a DoD contractor, it is very likely that your contract incorporates DFARS clause 252.204-7012, which is required in all solicitations and contracts, including those for the acquisition of commercial items. (Note: The clause is not required for solicitations and contracts solely for the acquisition of Commercial Off the Shelf – or COTS – items.)
To provide adequate security, DoD contractors covered by the DFARS clause are expected, at a minimum and effective immediately, to implement the standards set forth in National Institute of Standards and Technology (NIST) Special Publication 800-171 (Revision 1).
In general terms, to meet the government’s cybersecurity standards, contractors must assess their information systems, develop a security plan, and create an action plan. GTPAC’s template – available for download as a Word document on the same webpage where the video appears – provides a step-by-step process by which each of these tasks can be completed and documentation can be compiled.
Information and Assistance
The video and template were funded through a cooperative agreement with the Defense Logistics Agency and created with the support of the Georgia Institute of Technology. (The content of the video presentation does not necessarily reflect the official views of or imply endorsement by the U.S. Department of Defense, the Defense Logistics Agency, or Georgia Tech.) GTPAC is a part of the Enterprise Innovation Institute (EI2), Georgia Tech’s business outreach organization which serves as the primary vehicle to achieve Georgia Tech’s goal of expanded local, regional, and global outreach. EI2 is the nation’s largest and most comprehensive university-based program of business and industry assistance, technology commercialization, and economic development.
For further assistance with complying with DoD’s contractual cybersecurity requirements, please contact your nearest Procurement Technical Assistance Center (PTAC). In addition to expertise and resources regarding cybersecurity requirements, PTAC professionals can provide in-depth guidance on the full range of government contracting issues, all at little or no cost to you. Located in all 50 states, the District of Columbia, Guam, and Puerto Rico (and coming soon to the Virgin Islands), they can help you chart the right course for your business.
For help with Government Contracting: contact your nearest Procurement Technical Assistance Center (PTAC). Funded through Cooperative Agreements between the U.S. Department of Defense and state and local governments/institutions, PTACs provide free and low-cost assistance in virtually all areas of government contracting.