The Charles IT Blog

Defense Federal Acquisition Regulation Supplement (DFARS) Clause 252.204-7012 covers everything contractors must know about safeguarding covered defense information (CDI) and reporting cyber incidents. The Department of Defense (DoD) implemented DFARS 7012 to guide contractors and their suppliers on how to secure CDI that they store, transmit, or process. 

Working as a contractor for the DoD requires compliance with the DFARS 252.204-7012 rules, which are based on the globally recognized NIST 800-171 guidelines. Meeting these rules is not a one-time fix, but rather something that must be maintained with continuous monitoring and improvement. Above all, security must take a proactive stance, in which contractors have the necessary systems and ...

DFARS 252.204-7012 Security Requirement 3.12.4 requires contractors of the Department of Defense to create and regularly update a system security plan. This plan should describe the boundaries of your systems and the relationships between these systems.

Keeping up with the demands of compliance is a constant challenge, especially for companies operating in a highly regulated sector like the Defense Industrial Base. DFARS 252.204-7012 compliance, which is based on the NIST 800-171 framework, comes with many responsibilities and obligations. To maintain your existing contracts, as well as win requests for proposals for lucrative new projects, it ...

Every business faces a unique set of risks across a number of key domains. If your company stores, processes, or transmits controlled unclassified information (CUI) in the capacity of a defense contractor then you will need to ensure all these risk areas are accounted for. This is essential for upholding your DFARS 252.204-7012 obligations and winning new contracts from the DoD.

In the days of widespread virtualization and cloud computing, it might seem physical security is no longer as relevant as it once was. However, this is simply not the case. All data has to live somewhere on a physical device, be that in a major data center used by hundreds of other companies or in an in-house server room exclusive to one business. While companies might not have any direct control ...

There’s a wide range of cybersecurity tools that organizations can use to reduce the risks of data compromise. However, there’s an equally wide variety of cyberthreats, and staying ahead of these requires extensive IT resources and cybersecurity knowledge. Different organizations also have to comply with various government regulations based on the type of data they handle.

The DFARS 252.204-7012 clause sets high standards governing the protection, sanitization, and secure destruction of controlled unclassified information (CUI). Compliance is mandatory for any organization that makes up part of the 200,000-strong Defense Industrial Base (DIB), which is the supply chain of the US DoD. Audits may be carried out at any time, so it is crucial that any organization ...

Unscheduled downtime costs businesses millions of dollars every year, but lost productivity is not the only threat. Maintaining the integrity of any information-bearing system is also essential for adhering to regulatory demands, such as those provided under the DFARS 252.204-7012 clause. Maintaining baseline configurations to ensure the integrity of information and security controls is also a ...

Organizations should not wait for a security incident to happen before developing an incident response (IR) plan. Some organizations, however, neglect to develop an IR plan due to plain old procrastination and wait for something to trigger them to take action. On the other hand, others simply do not have the resources to do so.