Key definitions defined by DFARS 252.204-7012: "Covered Contractor Information System" and "Controlled Technical Information" Covered contractor information system: Owned or operated by a contractor for processing, storing, or transmitting covered defense information. Controlled technical information: Military or space-application technical information subject to controls on access, use, reproduction, modification, performance, display, release, disclosure, or dissemination. Cyber incident: Actions resulting in adverse effects on an information system or its residing information. The new clause contains two principal requirements that apply to all contractors at every tier: Implement adequate security measures to safeguard unclassified controlled technical information within contractor information systems from unauthorized access and disclosure Report cyber incidents within 72 hours of the event We recommend starting the assessment process for your information system security to ensure compliance with the clause in future procurement solicitations or annual certifications.
Made with FlippingBook - Share PDF online