DOD Meeting Makes Clear DOD Cybersecurity Rule Will Trigger New Requirements
December 15, 2015
We previously notified you of a meeting on the new updated Department of Defense (DOD) rule on cybersecurity, DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting (August 2015), and its October 2015 Class Deviation. The meeting, hosted by DOD, made clear that these new updated rules pose significant new obligations for DOD contractors and subcontractors. Your company's procurement and legal compliance representatives need to be on top of these matters.
Key Developments:
DOD considers the new obligations to be triggered under the clause when performance of the DOD contract or subcontract involves ?Covered Defense Information? (CDI) or operationally critical support (OCS). These significant obligations require contractor information systems to comply with new NIST 800-171 standards and, where the contractor uses cloud services, require notification and use of Government-approved cloud services providers for cloud storage or transmission under DOD contracts. Contractors are required to report a cyber incident that affects a covered system or the CDI, or that affects the contractors ability to perform the OCS requirements. Contractors have the right to seek additional compensation to meet these obligations, but to do so they must initiate specific steps before agreeing to the new terms.
Triggers:
Application of the clause is triggered if a DOD contract would provide the contractor, or the contractor otherwise would collect, develop, receive, transmit, use or store, of any of the following four types of CDI in support of performance of your DOD contract or subcontract:
- Controlled technical information [CTI].
- Critical information (operations security).
- Export controlled information.
- Any other information, marked or otherwise identified in the contract, that requires safeguarding or dissemination controls pursuant to and consistent with law, regulations, and Government-wide policies (e.g., privacy, proprietary business information).
The clause also is triggered if the contractor would provide OCS, meaning supplies or services the Government designates as ?for airlift, sealift, intermodal transportation services, or logistical support that is essential to the mobilization, deployment, or sustainment of the Armed Forces in a contingency operation.
Requirements:
Compliance with the clause requires that a contractors covered systems and protection of CDI meet the new NIST SP 800-171 standards. Use of cloud services (CS) to store or transit CDI in performance of the contract requires DOD notice and use of DOD-approved cloud services. Contractors must rapidly report directly to DOD on a cyber incident that affects, or risks affecting, a covered contractor information system or CDI, or that affects the contractors ability to perform the operationally critical support requirements. Only pre-approved personnel can do the reporting. The requirements apply to contractors and subcontractors.
Takeaways and Next Steps:
- Ensure your company's procurement and legal compliance representatives are up to speed on these new, significant changes for DOD contracts.
- If asked to include the new clause in your existing contract, you have the right to seek compensation for the increased costs and time needed to address the additional requirements. You must notify the Contracting Officer (or your prime) of the impact of this change and your right to an equitable adjustment, and negotiate the terms before you accept the clause, or risk losing your right to seek compensation.
- New DOD procurements and contracts will include the clause. Proactively check whether they trigger clause requirements and factor your compliance costs, and any required waiver or approvals, into proposal preparations and the ultimate contract. Its likely that most companies will need to do something.
You have options. If you would like to understand your requirements or would like assistance in this area, please contact a FortneyScott attorney.
November 20, 2025 at noon EDT CLICK HERE to Register Join FortneyScott attorneys for a timely webinar addressing the Trump Administration’s escalating enforcement efforts targeting “illegal DEI” practices among federal contractors, grant recipients, and higher education institutions. In recent months, the Administration has initiated certification demands, expanded DOJ investigations under the False Claims Act, and increased EEOC scrutiny under Title VII. This session will provide critical insights into: The latest developments in federal investigations and enforcement; DEI programs under legal challenge; and Practical steps employers—especially federal contractors and grant recipients—should take now to mitigate legal risk and ensure compliance with EEO laws. This is the third installment in FortneyScott’s four-part Workplace Legal Compliance Webinar Series, designed for in-house counsel, compliance professionals, HR leaders, and business executives. To register for FortneyScott’s Workplace Legal Compliance training series, please click here .
Understanding that everyone is going into Q4, which is the kickoff of your merit and compensation cycles, we want to support those compliance efforts. Join FortneyScott attorneys and our guest speaker, Rick Holt from Resolution Economics, on Thursday, October 23, 2025, at noon EDT for a discussion on strategies for reviewing compensation decisions under the governing legal standards and the Trump Administration’s enforcement priorities. We will focus on discussing: Changes in legal enforcements; Legal considerations for conducting pay analyses; Recommendations on refreshing analysis models; and, Remediation strategies.
On Tuesday, December 2, at 2pm EST , join attorneys from Novus Law Firm and FortneyScott and an I/O Psychologist from DCI as we discuss the scope of data being requested by the federal government and how to ensure that your institution is prepared. To register for this complimentary webinar, please CLICK HERE . Higher Education continues to be targeted by the Administration’s enforcement efforts to ensure compliance with federal anti-discrimination laws. Employment and admissions practices are subject to increased scrutiny by multiple federal agencies. For instance, both the Department of Justice (DOJ) and Health & Human Services (HHS) have issued Civil Investigation Demand (CID) letters requiring the submission of voluminous data and documents. These investigations pose significant risks, including potential civil and criminal lability, and the loss of federal contracts and grants. Additionally, the Department of Education (ED) has proposed major changes to the Integrated Postsecondary Education Data System (IPEDS) which, if implemented, would require institutions to report up to six years of detailed admissions data including applicant demographics and admissions criteria for undergraduate and graduate programs. Given this rapidly changing legal compliance landscape, higher education institutions should be prepared for government investigations that scrutinize wide-ranging practices, including those related to employment, admissions, and compensation. We will cover: Responding to federal agency investigations, which can include CIDs & scope of data production How to prepare for a potential investigation How the proposed IPED revisions may impact reporting burdens How federal agencies may use and share institute data Prospective data analytics that should be conducted
Understanding that everyone is going into Q4, which is the kickoff of your merit and compensation cycles, we want to support those compliance efforts. Join FortneyScott attorneys and our guest speaker, Rick Holt from Resolution Economics, on Thursday, October 23, 2025, at noon EDT for a discussion on strategies for reviewing compensation decisions under the governing legal standards and the Trump Administration’s enforcement priorities. We will focus on discussing: Changes in legal enforcements; Legal considerations for conducting pay analyses; Recommendations on refreshing analysis models; and, Remediation strategies. To register for FortneyScott’s Workplace Legal Compliance training series, please click here .
Federal policies under the Trump Administration are reshaping workplaces nationwide. Employers must stay ahead of evolving laws and shifting EEOC priorities. Join FortneyScott attorneys on Thursday, September 18th at noon EDT to learn the key steps organizations should take now to ensure compliance with EEO laws influenced by these broader policy changes. Key Topics to be Covered Include: Status of the Commission and what to expect once there is a restored quorum; Current EEOC priorities , including protecting religious liberties, eliminating unlawful DEI, and reshaping sex discrimination; Notable EEOC enforcement actions, updates, and emerging trends; and Actionable strategies and key takeaways to ensure compliance with Title VII, the PWFA, etc . This webinar is the first in a four-part series designed for compliance professionals, in-house counsel, HR and inclusion leaders, and other business leaders responsible for labor and employment law compliance.
Federal policies under the Trump Administration are reshaping workplaces nationwide. Employers must stay ahead of evolving laws and shifting EEOC priorities. Join FortneyScott attorneys on Thursday, September 18 th at noon EDT to learn the key steps organizations should take now to ensure compliance with EEO laws influenced by these broader policy changes. Key Topics to be Covered Include: Status of the Commission and what to expect once there is a restored quorum; Current EEOC priorities , including protecting religious liberties, eliminating unlawful DEI, and reshaping sex discrimination; Notable EEOC enforcement actions, updates, and emerging trends; and Actionable strategies and key takeaways to ensure compliance with Title VII, the PWFA, etc. This webinar is the first in a four-part series designed for compliance professionals, in-house counsel, HR and inclusion leaders, and other business leaders responsible for labor and employment law compliance. To register for FortneyScott’s Workplace Legal Compliance training series, please click here .
November 20, 2025 at noon EDT CLICK HERE to Register Join FortneyScott attorneys for a timely webinar addressing the Trump Administration’s escalating enforcement efforts targeting “illegal DEI” practices among federal contractors, grant recipients, and higher education institutions. In recent months, the Administration has initiated certification demands, expanded DOJ investigations under the False Claims Act, and increased EEOC scrutiny under Title VII. This session will provide critical insights into: The latest developments in federal investigations and enforcement; DEI programs under legal challenge; and Practical steps employers—especially federal contractors and grant recipients—should take now to mitigate legal risk and ensure compliance with EEO laws. This is the third installment in FortneyScott’s four-part Workplace Legal Compliance Webinar Series, designed for in-house counsel, compliance professionals, HR leaders, and business executives. To register for FortneyScott’s Workplace Legal Compliance training series, please click here .
Understanding that everyone is going into Q4, which is the kickoff of your merit and compensation cycles, we want to support those compliance efforts. Join FortneyScott attorneys and our guest speaker, Rick Holt from Resolution Economics, on Thursday, October 23, 2025, at noon EDT for a discussion on strategies for reviewing compensation decisions under the governing legal standards and the Trump Administration’s enforcement priorities. We will focus on discussing: Changes in legal enforcements; Legal considerations for conducting pay analyses; Recommendations on refreshing analysis models; and, Remediation strategies.
On Tuesday, December 2, at 2pm EST , join attorneys from Novus Law Firm and FortneyScott and an I/O Psychologist from DCI as we discuss the scope of data being requested by the federal government and how to ensure that your institution is prepared. To register for this complimentary webinar, please CLICK HERE . Higher Education continues to be targeted by the Administration’s enforcement efforts to ensure compliance with federal anti-discrimination laws. Employment and admissions practices are subject to increased scrutiny by multiple federal agencies. For instance, both the Department of Justice (DOJ) and Health & Human Services (HHS) have issued Civil Investigation Demand (CID) letters requiring the submission of voluminous data and documents. These investigations pose significant risks, including potential civil and criminal lability, and the loss of federal contracts and grants. Additionally, the Department of Education (ED) has proposed major changes to the Integrated Postsecondary Education Data System (IPEDS) which, if implemented, would require institutions to report up to six years of detailed admissions data including applicant demographics and admissions criteria for undergraduate and graduate programs. Given this rapidly changing legal compliance landscape, higher education institutions should be prepared for government investigations that scrutinize wide-ranging practices, including those related to employment, admissions, and compensation. We will cover: Responding to federal agency investigations, which can include CIDs & scope of data production How to prepare for a potential investigation How the proposed IPED revisions may impact reporting burdens How federal agencies may use and share institute data Prospective data analytics that should be conducted
Understanding that everyone is going into Q4, which is the kickoff of your merit and compensation cycles, we want to support those compliance efforts. Join FortneyScott attorneys and our guest speaker, Rick Holt from Resolution Economics, on Thursday, October 23, 2025, at noon EDT for a discussion on strategies for reviewing compensation decisions under the governing legal standards and the Trump Administration’s enforcement priorities. We will focus on discussing: Changes in legal enforcements; Legal considerations for conducting pay analyses; Recommendations on refreshing analysis models; and, Remediation strategies. To register for FortneyScott’s Workplace Legal Compliance training series, please click here .
Federal policies under the Trump Administration are reshaping workplaces nationwide. Employers must stay ahead of evolving laws and shifting EEOC priorities. Join FortneyScott attorneys on Thursday, September 18th at noon EDT to learn the key steps organizations should take now to ensure compliance with EEO laws influenced by these broader policy changes. Key Topics to be Covered Include: Status of the Commission and what to expect once there is a restored quorum; Current EEOC priorities , including protecting religious liberties, eliminating unlawful DEI, and reshaping sex discrimination; Notable EEOC enforcement actions, updates, and emerging trends; and Actionable strategies and key takeaways to ensure compliance with Title VII, the PWFA, etc . This webinar is the first in a four-part series designed for compliance professionals, in-house counsel, HR and inclusion leaders, and other business leaders responsible for labor and employment law compliance.
Federal policies under the Trump Administration are reshaping workplaces nationwide. Employers must stay ahead of evolving laws and shifting EEOC priorities. Join FortneyScott attorneys on Thursday, September 18 th at noon EDT to learn the key steps organizations should take now to ensure compliance with EEO laws influenced by these broader policy changes. Key Topics to be Covered Include: Status of the Commission and what to expect once there is a restored quorum; Current EEOC priorities , including protecting religious liberties, eliminating unlawful DEI, and reshaping sex discrimination; Notable EEOC enforcement actions, updates, and emerging trends; and Actionable strategies and key takeaways to ensure compliance with Title VII, the PWFA, etc. This webinar is the first in a four-part series designed for compliance professionals, in-house counsel, HR and inclusion leaders, and other business leaders responsible for labor and employment law compliance. To register for FortneyScott’s Workplace Legal Compliance training series, please click here .
During the first months of the Trump Administration employers have faced unprecedented challenges in understanding and keeping up with the rapidly changing legal environment. To assist our clients in successfully navigating these challenges, FortneyScott is initiating a four-month, complimentary training program addressing Workplace Legal Compliance. These new, original trainings will occur during September through December, 2025 and will include 4 monthly webinars, at least 4 podcasts of DC Insider—Employer Update and timely alerts as developments unfold. The trainings are designed to provide substantive updates and to assist employers in addressing the latest developments as part of their organization’s comprehensive workplace legal compliance program. How to Participate : Register now for the FortneyScott Workplace Legal Compliance webinars, podcast notifications and alerts: Register for all 4 webinars (September 18, October 23, November 20 and December 18). Register for notifications of new podcast episodes of DC Insider—Employer Update. Register for Workplace Legal Compliance alerts and updates. If you have an immediate questions or feedback, please contact any of the FortneyScott attorneys or email info@fortneyscott.com . Additional Background : Workplace legal compliance is essential for mitigating risk, protecting employees, and fostering a positive and reputable company culture. Adhering to federal, state, and local laws concerning labor, safety, and discrimination prevents costly penalties, lawsuits, and operational disruptions. Beyond simply avoiding legal and financial consequences, compliance builds trust with employees and other stakeholders by demonstrating a commitment to ethical conduct. This creates a fair and safe work environment that boosts employee morale, increases retention, and enhances overall productivity. By proactively managing legal responsibilities, an organization strengthens its reputation and brand image, which in turn can attract top talent and create a competitive advantage in the marketplace. FortneyScott’s Workplace Legal Compliance supports employers in meeting these objectives. Ultimately, legal compliance is not only a regulatory obligation – it is a strategic investment in the long-term success and integrity of your organization.
We are pleased to announce that FortneyScott attorney David Fortney has been recognized as one of The Best Lawyers in America for 2026, in recognition of outstanding achievement and contributions to the field of Labor and Employment law. This marks a continuation of his recognition in The Best Lawyers in America since 2008, reflecting a sustained commitment to excellence, innovation, and leadership. It underscores the impact of his work within the professional community. We extend our congratulations on this well-deserved recognition.
The U.S. Department of Justice (DOJ), Civil Division is sending Civil Investigative Demands (CIDs) to federal contractors seeking information on their DEI practices, under its authority to investigate False Claims Act (FCA) claims. Flowing from President Trump’s Executive Order 14173, which seeks to limit DEI efforts, the DOJ recently launched the Civil Rights Fraud Initiative, which utilizes the FCA to investigate and pursue claims against recipients of federal funds (including federal contractors) that their DEI practices violate federal civil rights laws. The focus of these investigations will likely be: Discriminatory preferences/goals: DEI programs that assign benefits or burdens based on race, ethnicity, or national origin. Use of proxies to mask discrimination: Practices using criteria like "cultural competence" or "lived experience" as proxies for protected characteristics in hiring or promotion decisions. Segregation in the workplace: Limiting membership in affinity groups or separating employees by protected characteristics during training. Discriminatory training programs: DEI training that promotes stereotypes, excludes individuals based on protected characteristics, or creates a hostile environment. Failure to protect against antisemitism: Institutions accepting federal funds that do not adequately address antisemitism or other civil rights violations. Organizations found to be in violation of the FCA can face significant penalties, including treble damages (three times the amount of damages incurred by the government), civil penalties for each false claim, and reputational harm. As a result, all federal contractors and grant recipients should be on high alert for any communication from DOJ and should immediately notify internal counsel if any such communication is received. Please contact your FortneyScott attorney or email us at info@fortneyscott.com for additional information on how to be prepared and to respond to these DOJ investigations and other best practices recommendations.
As the Trump Administration reshapes the U.S. Department of Labor (DOL), employers and federal contractors face significant shifts in agency leadership, budget priorities, enforcement programs, and regulatory strategies. Join FortneyScott attorneys for an in-depth webinar covering what these changes may mean for your organization. Key Topics to be Covered Include: New Leadership: Review of confirmed and pending DOL appointees, including Secretary Chavez-DeRemer and Deputy Secretary Keith Sonderling. Compliance & Self-Audit Programs: Expansion of opinion letter guidance and voluntary audit initiatives across W&H, VETS, OSHA, EBSA, MSHA, and OLMS. Aggressive Deregulatory Agenda: Efforts to revoke EO 11246 regulations, registered apprenticeship affirmative action requirements, and legacy EBSA guidance. Regulatory Revisions & Enforcement: Reforms to Section 503, VEVRAA, tip-credit rules, and child labor standards — including new penalty frameworks. Status of Biden-Era Rules: Updates on independent contractor, overtime, minimum wage, and PLA-related regulations. Proposed FY2026 Budget: 35% overall reduction, including workforce downsizing and potential elimination of OFCCP, Job Corp, and the Women’s Bureau. Strategic Considerations: How the return of the PAID program and potential OFCCP self-audit options may affect employer risk exposure.
