Archives: Department of Defense

Subscribe to Department of Defense RSS Feed

Upcoming Seminar: Cybersecurity for Defense Contractors and Manufacturers

Join Taft attorneys Barbara Duncombe and Bill Wagner for a complimentary seminar on the DoD cybersecurity regulations on Oct. 18 at Taft’s Indianapolis office. They will participate in an informal, interactive discussion with Richard Banta and Alex Carroll from Lifeline Data Centers and Josh Griswold and Joe Turek from Chubb concerning recent developments (including cyber breaches), evolving standards of compliance and practical, effective risk mitigation strategies. Click here to register.

Topics will include:

  • Final preparations to ensure compliance with DoD’s
Read More

What Are A Defense Contractor’s Reporting Obligations When An Employee May Be Stealing Trade Secrets?

The recent sentencing of a former Boeing engineer for stealing trade secrets raised the question of whether a defense contractor has a duty to notify the Department of Defense (DoD) under the Safeguarding Covered Defense Information and Cyber Incident Reporting Regulation (DFARS 252.204-7012), when the contractor has knowledge that an employee may be stealing trade secrets.

1. The Sentencing of Mr. Justice for Economic Espionage and AECA and ITAR Violations.

Former Boeing Satellite Systems’ engineer and long-time employee Gregory Allen … Read More

10 Tips for Presenting Complex Cases In Arbitration

The American Arbitration Association (AAA) and its International Centre for Dispute Resolution (ICDR) recently created an aerospace, aviation and national security panel of arbitrators to handle complex, high-value aerospace, aviation, defense, cyber and security-related disputes. Similarly, AAA has a special panel of arbitrators to handle technology-related disputes. But what should companies involved in these types of arbitration cases expect?

Taft attorneys Bill Wagner and Michael Diamant recently published an article in Law360 with 10 tips for presenting complex cases in … Read More

DoD’s New Cybersecurity Regulations: How to protect yourself when a Government support services contractor wants to inspect your data and devices

DOD New Cybersecurity regulationsThe US Department of Defense’s (DoD) new cybersecurity regulations require defense contractors to cooperate with Government support services contractors investigating a “cyber incident that affects a covered contractor information system or the covered defense information residing therein or that affects the contractor’s ability to provide operationally critical support.”  DoD’s Defense Industrial Base Cybersecurity Activities Final Rule, 32 CFR 236.4(b), (m)(5) (effective Nov. 3, 2016); Response to Public Comments, 81 FR 68312 (Oct. 4, 2016).

It doesn’t take much imagination to … Read More

Will the New DoD Cybersecurity Regulations Cause a New Wave of Protest Disputes?

The new DoD cybersecurity regulations require contractors to implement the security requirements specified by the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations,” not later than Dec. 31, 2017. DFARS, 252.204-7008(c)(1).

However, a contractor may propose to vary from the NIST SP 800-171 requirements under two circumstances. Under DFARS 252.204-7008(c)(2), a contractor may propose to vary from the security requirements specified by NIST SP 800-171 through a … Read More

Webinar Replay Now Available on the New Defense Department Cybersecurity Rules

The U.S. Department of Defense published its Network Penetration Reporting and Cloud Computing Services regulations as an interim rule in August 2015 and updated them in December 2015.  Watch this new webinar replay at your convenience to learn about the regulations, how they may impact your business, and the concerns of industry groups. Click HERE to watch the webinar in its entirety.

 … Read More

Did China’s Agreement Not to Steal U.S. Intellectual Property Influence the Defense Department’s Decision to Grant a Two-Year Extension for Contractors to Comply with NIST SP 800-171’s Guidelines for Protecting Controlled Unclassified Information?

China

On June 4, 2015, the Office of Personnel Management announced that personally identifiable information for 4 million current and retired U.S. Government employees had been breached. China was suspected of having facilitated the breach.

Two weeks later, after the number of data breach victims had risen to 14 million, the National Institute of Standards and Technology (NIST) published its new Guidelines for Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations, NIST Special Publication 800-171.

We published our … Read More

Answers to Frequently Asked Questions on DoD’s New Cyber Security Regulations

faqDoD recently published answers to 43 frequently asked questions on the Department of Defense Network Penetration Reporting and Contracting for Cloud Services regulations.  The FAQs document is available here.  In addition, you can read our blogs posts on the new regulations below.

Read More

Checklist for Complying with the DoD Contracting for Cloud Services Regulations

*This is the fourth post in a four-part series detailing steps to help contractors meet compliance obligations under the new cyber security regulations implemented by the Department of Defense on Network Penetration Reporting and Contracting for Cloud Services. (Defense Federal Acquisition Regulation Supplement (“DFARS”) Parts 202, 204, 212, 239, and 252.)

Today’s post provides a compliance checklist for contracting for cloud services regulations relating to the new DoD cyber security regulations and also details the ramifications for failure to comply … Read More

Checklist to Comply with the Duties and Obligations of the Network Penetration Reporting Regulations

*This is the third post in a four-part series detailing steps to help contractors meet compliance obligations under the new cyber security regulations implemented by the Department of Defense on Network Penetration Reporting and Contracting for Cloud Services. (Defense Federal Acquisition Regulation Supplement (“DFARS”) Parts 202, 204, 212, 239, and 252.)
Today’s post provides a handy compliance checklist relating to the new DoD cyber security regulations.

  1. Acquire a DoD-approved medium assurance certificate to report cyber incidents. (Source: DFARS 252.204-7012(c)(3)Check list
  2. Provide
Read More

New Key Terms for DoD’s New Cyber Security Regulations

terms*This is the second post in a four-part series detailing steps to help contractors meet compliance obligations under the new cyber security regulations implemented by the Department of Defense on Network Penetration Reporting and Contracting for Cloud Services. (Defense Federal Acquisition Regulation Supplement (“DFARS”) Parts 202, 204, 212, 239, and 252.)
Today’s post defines key terms relating to new DoD cyber security regulations.

The regulations introduce several new key terms.  Some of the terms appear vague and may impose more … Read More

Introduction to the New DoD Cyber Security Regulations

*This is the first post in a four-part series detailing steps to help contractors meet compliance obligations under the new cyber security regulations implemented by the Department of Defense (“DoD”) on Network Penetration Reporting and Contracting for Cloud Services. (Defense Federal Acquisition Regulation Supplement (“DFARS”) Parts 202, 204, 212, 239, and 252.)
Today’s post provides an introduction to the new DoD cyber security regulations.

Cloud securityThe DoD decided to implement the new cyber security regulations, and make them effective immediately upon … Read More

LexBlog