Getting Started with DFARS 7012

Learn the basics about CDI and NIST 800-171 and how the compliance requirements may impact your DoD business.

WHAT IS CDI?

CDI, or Covered Defense Information, means unclassified controlled technical information or other information that requires safeguarding or dissemination controls. CDI is either marked (or otherwise identified) or developed/received in support of a contract. The complete definition is in the language of the DFARS 7012 clause.

WHO DECIDES WHAT IS CDI?

The government’s contracting officer has the responsibility for determining what data is and isn’t CDI.

HOW DO I PROTECT CDI?
  • Implement NIST SP 800-171 requirements by 12/31/2017
  • Follow DFARS 7012 (b)-(f)

WHAT IS NIST SP 800-171?

NIST SP 800-171 is the National Institute of Standards & Technology (NIST) document providing 110 recommended security requirements for protecting the confidentiality of CUI (Controlled Unclassified Information – a subset of CDI).

The DFARS 7012 clause says that you shall implement NIST SP 800-171 no later than Dec 31, 2017. Since the deadline has passed, you are now at risk of non-compliance if you have not implemented the requirements. The government will now apply a risk-based approach to awarding contracts that include handling of CDI.

WHAT DO YOU HAVE TO DO?
  1. Understand what information you need to protect
  2. Conduct an assessment to identify compliance gaps
  3. Provide adequate security controls to protect CDI
  4. Create an incident response plan
  5. Train your employees
  6. Institute continuous monitoring and improvement


Need to get compliant fast? Learn more about our DFARS as a Service Program.

WHERE ARE THESE REQUIREMENTS APPLIED?

On any system where you store, process, or access CDI.

WHEN IS COMPLIANCE DUE?

The December 31, 2017 deadline has passed; all CDI must now be safeguarded. If you handle CDI but are not yet fully compliant, it is urgent to complete your implementation of all 110 security controls of NIST 800-171 plus additional DFARS requirements as soon as possible.