Time for Compliance with DOD’s Cybersecurity Regulations is NOW
On February 19, 2024, the Department of Justice notified the U.S. District Court for the Northern District of Georgia that it would intervene in a False Claims Act case filed against Georgia Tech Research Corporation and Georgia Institute of Technology for not complying with the requirements of DFARS 252.204-7012 and National Institute of Standards and Technology Special Publication 800-171.
All Department of Defense solicitations and contracts contain DFARS clause 252.204-7012. DFARS 252.204-7012 requires a contractor to assess its compliance with 110 cybersecurity controls set out in the NIST 800-171 if the Company has controlled unclassified information. Specifically, pursuant to DFARS 252.204-7012, contractors must implement all of the NIST 800-171 requirements and upload the results of that assessment to the Department of Defense’s Supplier Performance Risk System, or have a plan of action and milestones in place for any requirement the contractor has not yet implemented.
To read the full post, please visit our Government Contracts Navigator blog.