The Department of Defense (“DoD”) held an “Industry Information Day” on June 23, 2017 to address questions regarding DFARS Case 2013-D018 “Network Penetration and Reporting for Cloud Services,” including DFARS clauses 252.204-7012 “Safeguarding Covered Defense Information and Cyber Incident Reporting” and 252.239-7010 “Cloud Computing Services.” DoD’s presentation lasted approximately four hours and covered a wide range of topics relating to DoD’s expectations for contractor implementation of cybersecurity requirements for information systems where controlled defense information (“CDI”) is processed, resides or transits. On the panel and responding to attendees’ questions were representatives of DoD’s Chief Information Officer, the Office of the Under Secretary of Defense for Acquisition, Technology and Logistics, and the Defense Information Systems Agency.
An in-depth discussion of key highlights from the briefing are provided in the attached Alert.