Interested in training for your team? Click here to learn more

New Cybersecurity Requirements for DoD and Non-DoD Government Contractors: NIST SP 800-171 Compliance

Recording of a 90-minute CLE webinar with Q&A

This program is included with the Strafford CLE Pass. Click for more information.
This program is included with the Strafford All-Access Pass. Click for more information.

Conducted on Tuesday, May 8, 2018

Recorded event now available

or call 1-800-926-7926

This CLE course will address high-risk cybersecurity concerns for government contractors in the coming year. The panel will outline critical updates to the Federal Acquisition Regulations, recent determinations by the Government Accountability Office, and individual agency efforts to strengthen cybersecurity protections and provide guidance for counsel on keeping clients compliant.


With increasing requirements to safeguard covered defense information, cybersecurity remains at the forefront of compliance issues for government contractors. As of Jan. 1, 2018, the Defense Federal Acquisition Regulations (DFAR 252.204-7012) require all Department of Defense contractors to have implemented the National Institute of Standards and Technology’s Cybersecurity Framework outlined in Special Publication 800-171.

The standard requires contractors to assess their current security protocols for storing, processing and transmitting covered defense information, document the findings in a system security plan (SSP), and develop a plan of action and milestones (POAM) to address any gaps. Compliance with NIST SP 800-171 is now not only a condition of winning new awards but of retaining work under current contracts.

In addition to helping government contractors navigate these critical developments, practitioners must prepare their non-DoD clients for an imminent shift in the Federal Acquisition Regulations to create a universal contracting standard for cybersecurity akin to the DFAR clause.

Listen as our experts provide vital insight on the current cybersecurity requirements for government contractors, changes they can expect in the coming year, and navigating the process with specific agencies in the interim.



  1. Cybersecurity compliance for DoD contractors
    1. DFAR 252.204-7012
    2. NIST SP 800-171
    3. Penalties for noncompliance
  2. Cybersecurity compliance for non-DoD contractors
    1. FAR 52.204-21
    2. Expected changes
  3. Case law/administrative decisions
    1. Syneren Tech. Corp., B-41508, B-415058.2, Nov. 16, 2017
    2. IP Keys Tech., B-414890, B-414890.2, Oct. 4, 2017
  4. Guidance/recommendations for counsel


The panel will review these and other vital issues:

  • What actions do U.S. government contracting officers plan to take if contractors fail to comply with the NIST SP 800171?
  • Will prime government contractors be held financially liable for cyber-related damages caused by their subcontractors and/or third-party partners’ failure to comply with NIST SP 800-171?
  • What changes can government contractors expect to the Federal Acquisition Regulations beyond the current basic safeguarding clause at FAR 52.204-21?


Bourne, Townsend
Townsend L. Bourne

Sheppard Mullin Richter & Hampton

Ms. Bourne represents clients of all sizes on matters relating to the myriad of issues affecting government...  |  Read More

Reynolds, Tina
Tina D. Reynolds

Morrison & Foerster

Ms. Reynolds represents a wide variety of government contractors, including information technology, defense,...  |  Read More

Verhey, David
David Verhey

Dunlap Bennett & Ludwig

Mr. Verhey’s practice concentrates on counseling and representation of clients with business interests in...  |  Read More

Access Anytime, Anywhere

Strafford will process CLE credit for one person on each recording. All formats include course handouts.

To find out which recorded format will provide the best CLE option, select your state:

CLE On-Demand Video