New DoD Rule on Cybersecurity and Cloud Computing Requirements: Implications for Contractors and Subcontractors

Complying With "Adequate Security" and "Cyber Incident" Reporting Mandates; Incorporating Cloud Computing Clauses in Contracts

Recording of a 90-minute CLE webinar with Q&A

This program is included with the Strafford CLE Pass. Click for more information.
This program is included with the Strafford All-Access Pass. Click for more information.

Conducted on Tuesday, October 20, 2015

Recorded event now available

or call 1-800-926-7926
Course Materials

This CLE course will examine and explain the recently released Department of Defense (DoD) interim rule, Safeguarding Covered Defense Information and Cyber Incident Reporting, and its implications for government contractors and subcontractors. The panel will outline expanded requirements for contractor information system security, cyber incident reporting and the use of cloud computing services, and suggested next steps to ensure compliance.


On Aug. 26, 2015, the DoD released an interim rule implementing certain provisions of the 2013 and 2015 National Defense Authorization Acts. The rule, effective immediately for DoD contractors and subcontractors of all sizes, significantly expands contractors’ cybersecurity responsibilities and accountability. It outlines contractor information system security requirements, “cyber incident” reporting mandates, and cloud computing standards and procedures.

Under the rule, contractors must provide “adequate security” for “covered defense information.The rule also requires contractors to report “cyber incidents” involving “covered defense information” within 72 hours of discovery. In addition, the rule implements new policies and procedures for contractors using cloud computing services to ensure uniform application of cloud services across all DoD contractors and subcontractors.

DoD is accepting comments on the interim rule until Oct. 26, 2015. Counsel representing DoD contractors and subcontractors must understand the new requirements and their implications in order to prepare their clients to comply with the expanded duties and obligations, as well as to provide advice on submitting comments.

Listen as our authoritative panel of government contracts attorneys discusses the impact of the new DoD cybersecurity rule for contractors and subcontractors and compliance best practices.



  1. Review of new requirements under DoD rule
  2. Interplay with other cybersecurity rules for government contractors
  3. Compliance strategies


The panel will review these and other key issues:

  • Who is covered by the DoD’s new cybersecurity interim rule?
  • What steps should contractors and subcontractors take to comply with the requirement to provide “adequate security” for “covered defense information?”
  • What types of activities must be reported under the new mandatory reporting of “cyber incidents?”
  • What control measures should contractors put in place to ensure that their subcontractors are in compliance with the interim rule?


Mary E. (Mary Beth) Bosco
Mary E. (Mary Beth) Bosco

Holland & Knight

Ms. Bosco has 30 years of experience working with new and experienced government contractors, and focuses her...  |  Read More

Michael F. Mason
Michael F. Mason

Hogan Lovells US

Mr. Mason leads the Aerospace, Defense, and Government Services Industry Sector Group at Hogan Lovells.  Mike...  |  Read More

Michael J. Scheimer
Michael J. Scheimer

Hogan Lovells US

Mr. Scheimer advises clients on government contract matters with a particular focus on defense, information technology,...  |  Read More

Christian F. Henel
Christian F. Henel

Thompson Hine

As part of his firm's construction practice group, Mr. Henel assists clients in resolving disputes involving...  |  Read More

Access Anytime, Anywhere

Strafford will process CLE credit for one person on each recording. All formats include course handouts.

To find out which recorded format will provide the best CLE option, select your state:

CLE On-Demand Video