News | October 3, 2017

New Guidance Issued By Department Of Defense Regarding Cybersecurity Regulations For All Defense Contractors

Government and industry experts rush to provide updates and training to the defense contracting community, driven by the December 31st deadline for DFARS 7012 cybersecurity compliance across the supply chain. Full-day training classes are scheduled in San Diego and via nationwide live streaming on Friday, October 20th, and in Honolulu on Monday, October 23rd.

San Diego, CA /PRNewswire/ - Newly issued guidance for government procurement personnel and contracting officers, from the Office of the Under Secretary of Defense, indicates many U.S. defense contractors – especially small and medium-sized businesses – are struggling with strict regulations designed to protect Covered Defense Information (CDI), a new category of information that is unclassified but still considered sensitive. The DFARS 252.204-7012 "Safeguarding Covered Defense Information and Cyber Incident Reporting" clause, now found in all DoD solicitations other than purely COTS procurements, stipulates that all defense contractors handling CDI must adopt a wide-ranging set of security controls, including all 110 requirements prescribed by NIST Special Publication 800-171 "Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations," no later than December 31, 2017. (More information and resource links are available at )

In response to the urgent need for awareness building, training, and legal interpretation of the clause and its impacts across the entire defense industry supply chain, nationwide training is being produced by the non-profit Cyber Collaboration Center, with speakers including Ms. Vicki Michetti (Office of the DoD CIO); Ms. Mary Thomas (Office of the Secretary of Defense); Alexander Major and Franklin Turner, defense contract law specialists from McCarter & English LLP; and Tim Williams, Technical Director of eResilience, a new division of cybersecurity firm Referentia Systems. "DFARS 7012 Cybersecurity Compliance Boot Camp" training sessions are scheduled Friday October 20th, 2017 from 0800 to 1630 PDT at the Hilton San Diego Airport / Harbor Island, with simultaneous live streaming available nationwide, and Monday October 23rd at the Cyber Collaboration Center in Honolulu.

"We've been working and communicating with hundreds of companies, and it's clear that training is the most important thing the industry can do to prepare for what is coming," said Nelson Kanemoto, founder of eResilience. "Implementing NIST guidelines and other requirements of DFARS 7012 is much more complicated than many companies realize. It goes way beyond the average IT skillset, and government-issued guidelines often have gray areas that require careful interpretation. These Boot Camp events will provide contractors and their executives, IT managers, Program Managers, and FSOs with an ideal mixture of government, legal, and technical education."

The new guidance issued by OSD encourages contracting officers to specify what type of information will be considered CDI under the contract, and recommends that contractors perform careful assessments to determine what organizational and infrastructural changes to their systems, policies, and procedures will be needed to adequately meet the DFARS compliance requirements. This can include identifying where in-house efforts will suffice versus where assistance from third parties with expertise in complex NIST cybersecurity implementations may be necessary. The Boot Camp training sessions will help contractors make those distinctions.

The full-day DFARS training sessions cost $795; proceeds cover costs of the non-profit Cyber Collaboration Center's DFARS 7012 Awareness Campaign, including production of the Boot Camp training events, webinars, and other community outreach. For more information and to register for live or streamed classes, visit or email

About eResilience ( eResilience is a new division of Referentia Systems, a National Security Agency (NSA) Trusted Integrator, focused on commercial cybersecurity solutions, risk management and DFARS compliance services.

URL for OSD Guidance PDF:

SOURCE: eResilience

Copyright 2017 PR Newswire. All Rights Reserved