DOD’s New Cyber Rules May Spur Contract Disputes

Last year, the U.S. Department of Defense published an interim rule to establish new methods for assessing contractor implementation of cybersecurity requirements.

The interim rule will require thousands of defense contractors to conduct at least a basic assessment of their compliance with the 110 security requirements specified by the National Institute of Standards and Technology Special Publication 800–171.

The interim rule will prompt potential contact disputes, as could involve terminations for default, payment reductions for noncompliance, challenges to DOD cybersecurity assessments and monetary claims.

Contractors now are receiving solicitations and contracts with new Defense Federal Acquisition Regulation Supplement clauses 252.204-7019 and 252.204- 7020, which implement the new cyber requirements. Contractors should recognize these potential areas of dispute.

To read this article, which explores these issues in-depth, please click here.