Cyber Security Regulations Coming Due

If your company is a Department of Defense (DoD) contractor or subcontractor, the Department of Defense Cyber requirements are something you will need to understand and comply with by December 31, 2017.  The purpose of this article is not to go into detail on the requirements, but to alert you to their existence and where to find more information.

Having to comply with the regulations depends on what type of contract you have with the DoD and if within that contract, certain clauses are listed.  Commercial items that are bought “off the shelf” (no customization), are generally not required to have the clauses in their contracts.  Agricultural bulk products and petroleum products are subject to the regulations.

In general, the DoD clauses require contractors to safeguard certain information that is either on their internal system or network, or passing through their system or network.  The clauses also require the contractor to report cyber incidents that either affect certain information or that affect the contractor’s ability to perform “operationally critical support” requirements.  The contractor is also required to submit any malicious software discovered that was “isolated in connection with a reported cyber incident” to the DoD Cyber Crime Center.  If requested by the DoD, they also need to “submit media and additional information for damage assessment.”

The definition of information that needs to be protected is past the scope of this tip. However, the regulations that define it can be found here:  DFARS Regulations. Review DFARS clauses 252.204-7008 and 252.204-7012.

DoD has several programs, both regulatory and voluntary, to improve cyber security. They are using the National Institute of Standards and Technology (NIST) Special Publication 800-171 “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations” as a framework for companies to follow when developing a cyber security program.  The standard is available here: NIST SP 800-171.

If you are doing business with the Department of Defense, take the time to understand their cyber security rules and regulations and be aware that implementation is due by December 31, 2017.  For more information, please contact the Wyoming SBDC Network PTAC at (307) 772-7372 or

Related Posts

Get Started Today

Contact your local small business advisor today for no-cost, confidential assistance

Accessibility Information

All Wyoming SBDC Network programs and services are provided to the public on a nondiscriminatory basis. Reasonable accommodations for persons with disabilities will be made if requested at least two weeks in advance. Language assistance services for clients with limited English proficiency will be provided. Contact: Jill Kline at (307) 766-3405 or [email protected]
Funded in part through a Cooperative Agreement with the U.S. Small Business Administration.

Se habla español

   Copyright © 2022-2023 Wyoming SBDC Network