DOD Meeting Makes Clear DOD Cybersecurity Rule Will Trigger New Requirements
December 15, 2015
We previously notified you of a meeting on the new updated Department of Defense (DOD) rule on cybersecurity, DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting (August 2015), and its October 2015 Class Deviation. The meeting, hosted by DOD, made clear that these new updated rules pose significant new obligations for DOD contractors and subcontractors. Your company's procurement and legal compliance representatives need to be on top of these matters.
Key Developments:
DOD considers the new obligations to be triggered under the clause when performance of the DOD contract or subcontract involves ?Covered Defense Information? (CDI) or operationally critical support (OCS). These significant obligations require contractor information systems to comply with new NIST 800-171 standards and, where the contractor uses cloud services, require notification and use of Government-approved cloud services providers for cloud storage or transmission under DOD contracts. Contractors are required to report a cyber incident that affects a covered system or the CDI, or that affects the contractors ability to perform the OCS requirements. Contractors have the right to seek additional compensation to meet these obligations, but to do so they must initiate specific steps before agreeing to the new terms.
Triggers:
Application of the clause is triggered if a DOD contract would provide the contractor, or the contractor otherwise would collect, develop, receive, transmit, use or store, of any of the following four types of CDI in support of performance of your DOD contract or subcontract:
- Controlled technical information [CTI].
- Critical information (operations security).
- Export controlled information.
- Any other information, marked or otherwise identified in the contract, that requires safeguarding or dissemination controls pursuant to and consistent with law, regulations, and Government-wide policies (e.g., privacy, proprietary business information).
The clause also is triggered if the contractor would provide OCS, meaning supplies or services the Government designates as ?for airlift, sealift, intermodal transportation services, or logistical support that is essential to the mobilization, deployment, or sustainment of the Armed Forces in a contingency operation.
Requirements:
Compliance with the clause requires that a contractors covered systems and protection of CDI meet the new NIST SP 800-171 standards. Use of cloud services (CS) to store or transit CDI in performance of the contract requires DOD notice and use of DOD-approved cloud services. Contractors must rapidly report directly to DOD on a cyber incident that affects, or risks affecting, a covered contractor information system or CDI, or that affects the contractors ability to perform the operationally critical support requirements. Only pre-approved personnel can do the reporting. The requirements apply to contractors and subcontractors.
Takeaways and Next Steps:
- Ensure your company's procurement and legal compliance representatives are up to speed on these new, significant changes for DOD contracts.
- If asked to include the new clause in your existing contract, you have the right to seek compensation for the increased costs and time needed to address the additional requirements. You must notify the Contracting Officer (or your prime) of the impact of this change and your right to an equitable adjustment, and negotiate the terms before you accept the clause, or risk losing your right to seek compensation.
- New DOD procurements and contracts will include the clause. Proactively check whether they trigger clause requirements and factor your compliance costs, and any required waiver or approvals, into proposal preparations and the ultimate contract. Its likely that most companies will need to do something.
You have options. If you would like to understand your requirements or would like assistance in this area, please contact a FortneyScott attorney.
Join FortneyScott attorneys for a complimentary webinar on how employers should prepare for 2026 based on the significant changes in 2025. The Trump Administration begins 2026 with a quorum at the EEOC, new leadership at all the DOL agencies, and the likelihood that the NLRB quorum will be restored soon, so employers should expect aggressive action by all the workforce agencies. This session will provide critical insights into: What to expect from EEOC with its new quorum; An activated DOL, including the new Wage & Hour Division priorities, such as revisions to the Biden-era rules on white collar exemptions and joint employment; new Opinion Letters and compliance tools, how AI is being addressed, and expected developments; Whether OFCCP will survive in 2026, and changes affecting Federal contractors and grant recipients; and Practical steps employers should consider before 2026 begins. This is the final presentation in FortneyScott’s four-part Workplace Legal Compliance Webinar Series 2025, designed for in-house counsel, compliance professionals, HR leaders, and business executives.
Join FortneyScott attorneys for a timely webinar addressing the Trump Administration’s escalating enforcement efforts targeting “illegal DEI” practices among federal contractors, grant recipients, and higher education institutions. In recent months, the Administration has initiated certification demands, expanded DOJ investigations under the False Claims Act, and increased EEOC scrutiny under Title VII. This session will provide critical insights into: The latest developments in federal investigations and enforcement; DEI programs under legal challenge; and Practical steps employers—especially federal contractors and grant recipients—should take now to mitigate legal risk and ensure compliance with EEO laws. This is the third installment in FortneyScott’s four-part Workplace Legal Compliance Webinar Series, designed for in-house counsel, compliance professionals, HR leaders, and business executives.
December 18, 2025 at noon EDT CLICK HERE to Register Join FortneyScott attorneys for a complimentary webinar on how employers should prepare for 2026 based on the significant changes in 2025. The Trump Administration begins 2026 with a quorum at the EEOC, new leadership at all the DOL agencies, and the likelihood that the NLRB quorum will be restored soon, so employers should expect aggressive action by all the workforce agencies. This session will provide critical insights into: What to expect from EEOC with its new quorum; An activated DOL, including the new Wage & Hour Division priorities, such as revisions to the Biden-era rules on white collar exemptions and joint employment; new Opinion Letters and compliance tools, how AI is being addressed, and expected developments; Whether OFCCP will survive in 2026, and changes affecting Federal contractors and grant recipients; and Practical steps employers should consider before 2026 begins. This is the final presentation in FortneyScott’s four-part Workplace Legal Compliance Webinar Series 2025, designed for in-house counsel, compliance professionals, HR leaders, and business executives. To register for FortneyScott’s Workplace Legal Compliance training series, please click here .
The longest US government shutdown has ended; the House will return to Washington and Congress will resume operations; the EEOC has a quorum and can fully operate; the leadership teams for all DOL agencies now are in place; the NLRB waits to learn the fate of its Members; and, the U.S. Supreme Court will be confronting its Emergency Rulings (the “shadow docket”) in merits rulings on the regular docket in several high stakes cases. Everyone in Washington, the US, and, indeed, the whole world is watching and trying to plan their next steps. Join the Employment Law Alliance (ELA) for an engaging and timely webinar where speakers will discuss what is likely to unfold regarding the workplace and beyond. They will offer practical guidance both for US companies and those that do business with the US .
November 20, 2025 at noon EDT CLICK HERE to Register Join FortneyScott attorneys for a timely webinar addressing the Trump Administration’s escalating enforcement efforts targeting “illegal DEI” practices among federal contractors, grant recipients, and higher education institutions. In recent months, the Administration has initiated certification demands, expanded DOJ investigations under the False Claims Act, and increased EEOC scrutiny under Title VII. This session will provide critical insights into: The latest developments in federal investigations and enforcement; DEI programs under legal challenge; and Practical steps employers—especially federal contractors and grant recipients—should take now to mitigate legal risk and ensure compliance with EEO laws. This is the third installment in FortneyScott’s four-part Workplace Legal Compliance Webinar Series, designed for in-house counsel, compliance professionals, HR leaders, and business executives. To register for FortneyScott’s Workplace Legal Compliance training series, please click here .
Understanding that everyone is going into Q4, which is the kickoff of your merit and compensation cycles, we want to support those compliance efforts. Join FortneyScott attorneys and our guest speaker, Rick Holt from Resolution Economics, on Thursday, October 23, 2025, at noon EDT for a discussion on strategies for reviewing compensation decisions under the governing legal standards and the Trump Administration’s enforcement priorities. We will focus on discussing: Changes in legal enforcements; Legal considerations for conducting pay analyses; Recommendations on refreshing analysis models; and, Remediation strategies.
Join FortneyScott attorneys for a complimentary webinar on how employers should prepare for 2026 based on the significant changes in 2025. The Trump Administration begins 2026 with a quorum at the EEOC, new leadership at all the DOL agencies, and the likelihood that the NLRB quorum will be restored soon, so employers should expect aggressive action by all the workforce agencies. This session will provide critical insights into: What to expect from EEOC with its new quorum; An activated DOL, including the new Wage & Hour Division priorities, such as revisions to the Biden-era rules on white collar exemptions and joint employment; new Opinion Letters and compliance tools, how AI is being addressed, and expected developments; Whether OFCCP will survive in 2026, and changes affecting Federal contractors and grant recipients; and Practical steps employers should consider before 2026 begins. This is the final presentation in FortneyScott’s four-part Workplace Legal Compliance Webinar Series 2025, designed for in-house counsel, compliance professionals, HR leaders, and business executives.
Join FortneyScott attorneys for a timely webinar addressing the Trump Administration’s escalating enforcement efforts targeting “illegal DEI” practices among federal contractors, grant recipients, and higher education institutions. In recent months, the Administration has initiated certification demands, expanded DOJ investigations under the False Claims Act, and increased EEOC scrutiny under Title VII. This session will provide critical insights into: The latest developments in federal investigations and enforcement; DEI programs under legal challenge; and Practical steps employers—especially federal contractors and grant recipients—should take now to mitigate legal risk and ensure compliance with EEO laws. This is the third installment in FortneyScott’s four-part Workplace Legal Compliance Webinar Series, designed for in-house counsel, compliance professionals, HR leaders, and business executives.
December 18, 2025 at noon EDT CLICK HERE to Register Join FortneyScott attorneys for a complimentary webinar on how employers should prepare for 2026 based on the significant changes in 2025. The Trump Administration begins 2026 with a quorum at the EEOC, new leadership at all the DOL agencies, and the likelihood that the NLRB quorum will be restored soon, so employers should expect aggressive action by all the workforce agencies. This session will provide critical insights into: What to expect from EEOC with its new quorum; An activated DOL, including the new Wage & Hour Division priorities, such as revisions to the Biden-era rules on white collar exemptions and joint employment; new Opinion Letters and compliance tools, how AI is being addressed, and expected developments; Whether OFCCP will survive in 2026, and changes affecting Federal contractors and grant recipients; and Practical steps employers should consider before 2026 begins. This is the final presentation in FortneyScott’s four-part Workplace Legal Compliance Webinar Series 2025, designed for in-house counsel, compliance professionals, HR leaders, and business executives. To register for FortneyScott’s Workplace Legal Compliance training series, please click here .
The longest US government shutdown has ended; the House will return to Washington and Congress will resume operations; the EEOC has a quorum and can fully operate; the leadership teams for all DOL agencies now are in place; the NLRB waits to learn the fate of its Members; and, the U.S. Supreme Court will be confronting its Emergency Rulings (the “shadow docket”) in merits rulings on the regular docket in several high stakes cases. Everyone in Washington, the US, and, indeed, the whole world is watching and trying to plan their next steps. Join the Employment Law Alliance (ELA) for an engaging and timely webinar where speakers will discuss what is likely to unfold regarding the workplace and beyond. They will offer practical guidance both for US companies and those that do business with the US .
November 20, 2025 at noon EDT CLICK HERE to Register Join FortneyScott attorneys for a timely webinar addressing the Trump Administration’s escalating enforcement efforts targeting “illegal DEI” practices among federal contractors, grant recipients, and higher education institutions. In recent months, the Administration has initiated certification demands, expanded DOJ investigations under the False Claims Act, and increased EEOC scrutiny under Title VII. This session will provide critical insights into: The latest developments in federal investigations and enforcement; DEI programs under legal challenge; and Practical steps employers—especially federal contractors and grant recipients—should take now to mitigate legal risk and ensure compliance with EEO laws. This is the third installment in FortneyScott’s four-part Workplace Legal Compliance Webinar Series, designed for in-house counsel, compliance professionals, HR leaders, and business executives. To register for FortneyScott’s Workplace Legal Compliance training series, please click here .
Understanding that everyone is going into Q4, which is the kickoff of your merit and compensation cycles, we want to support those compliance efforts. Join FortneyScott attorneys and our guest speaker, Rick Holt from Resolution Economics, on Thursday, October 23, 2025, at noon EDT for a discussion on strategies for reviewing compensation decisions under the governing legal standards and the Trump Administration’s enforcement priorities. We will focus on discussing: Changes in legal enforcements; Legal considerations for conducting pay analyses; Recommendations on refreshing analysis models; and, Remediation strategies.
On Tuesday, December 2, at 2pm EST , join attorneys from Novus Law Firm and FortneyScott and an I/O Psychologist from DCI as we discuss the scope of data being requested by the federal government and how to ensure that your institution is prepared. To register for this complimentary webinar, please CLICK HERE . Higher Education continues to be targeted by the Administration’s enforcement efforts to ensure compliance with federal anti-discrimination laws. Employment and admissions practices are subject to increased scrutiny by multiple federal agencies. For instance, both the Department of Justice (DOJ) and Health & Human Services (HHS) have issued Civil Investigation Demand (CID) letters requiring the submission of voluminous data and documents. These investigations pose significant risks, including potential civil and criminal lability, and the loss of federal contracts and grants. Additionally, the Department of Education (ED) has proposed major changes to the Integrated Postsecondary Education Data System (IPEDS) which, if implemented, would require institutions to report up to six years of detailed admissions data including applicant demographics and admissions criteria for undergraduate and graduate programs. Given this rapidly changing legal compliance landscape, higher education institutions should be prepared for government investigations that scrutinize wide-ranging practices, including those related to employment, admissions, and compensation. We will cover: Responding to federal agency investigations, which can include CIDs & scope of data production How to prepare for a potential investigation How the proposed IPED revisions may impact reporting burdens How federal agencies may use and share institute data Prospective data analytics that should be conducted
Understanding that everyone is going into Q4, which is the kickoff of your merit and compensation cycles, we want to support those compliance efforts. Join FortneyScott attorneys and our guest speaker, Rick Holt from Resolution Economics, on Thursday, October 23, 2025, at noon EDT for a discussion on strategies for reviewing compensation decisions under the governing legal standards and the Trump Administration’s enforcement priorities. We will focus on discussing: Changes in legal enforcements; Legal considerations for conducting pay analyses; Recommendations on refreshing analysis models; and, Remediation strategies. To register for FortneyScott’s Workplace Legal Compliance training series, please click here .
Federal policies under the Trump Administration are reshaping workplaces nationwide. Employers must stay ahead of evolving laws and shifting EEOC priorities. Join FortneyScott attorneys on Thursday, September 18th at noon EDT to learn the key steps organizations should take now to ensure compliance with EEO laws influenced by these broader policy changes. Key Topics to be Covered Include: Status of the Commission and what to expect once there is a restored quorum; Current EEOC priorities , including protecting religious liberties, eliminating unlawful DEI, and reshaping sex discrimination; Notable EEOC enforcement actions, updates, and emerging trends; and Actionable strategies and key takeaways to ensure compliance with Title VII, the PWFA, etc . This webinar is the first in a four-part series designed for compliance professionals, in-house counsel, HR and inclusion leaders, and other business leaders responsible for labor and employment law compliance.
Federal policies under the Trump Administration are reshaping workplaces nationwide. Employers must stay ahead of evolving laws and shifting EEOC priorities. Join FortneyScott attorneys on Thursday, September 18 th at noon EDT to learn the key steps organizations should take now to ensure compliance with EEO laws influenced by these broader policy changes. Key Topics to be Covered Include: Status of the Commission and what to expect once there is a restored quorum; Current EEOC priorities , including protecting religious liberties, eliminating unlawful DEI, and reshaping sex discrimination; Notable EEOC enforcement actions, updates, and emerging trends; and Actionable strategies and key takeaways to ensure compliance with Title VII, the PWFA, etc. This webinar is the first in a four-part series designed for compliance professionals, in-house counsel, HR and inclusion leaders, and other business leaders responsible for labor and employment law compliance. To register for FortneyScott’s Workplace Legal Compliance training series, please click here .
