Client Alerts & Newsletters

Uncontrolled Information: DoD Audit Finds Contractor Lapses in Protecting Controlled Unclassified Information

Aug.02.2019

The Department of Defense Inspector General has released a much-anticipated audit report regarding the protection of Controlled Unclassified Information (CUI) on contractor networks.  Begun last summer at the Defense Secretary’s request, the audits found that contractors are not consistently implementing cybersecurity standard NIST SP 800-171, despite being required to do so under DFARS 252.204-7012.  The report calls particular attention to common shortcomings regarding multifactor authentication, strong passwords, vulnerability management, and removable media, among others.

The report recommends that DoD:

  • Verify that contractors are identifying, responding to, and reporting cyber incidents involving CUI;
  • Assess contractors’ ability to protect CUI as part of the solicitation process; and
  • Validate, at least annually, that contractors are complying with their contractual cybersecurity requirements.

These recommendations are consistent with recent DoD efforts to establish a “Cybersecurity Maturity Model Certification” that would require contractors to be certified compliant with contractually-specified cybersecurity requirements to be eligible for award.

For more information, please contact the professional(s) listed below, or your regular Crowell & Moring contact.

Kate M. Growley, CIPP/G, CIPP/US
Partner – Washington, D.C.
Phone: +1 202.624.2698
Email: kgrowley@crowell.com

Evan D. Wolff
Partner – Washington, D.C.
Phone: +1 202.624.2615
Email: ewolff@crowell.com

Maida Oringher Lerner
Senior Counsel – Washington, D.C.
Phone: +1 202.624.2596
Email: mlerner@crowell.com

Michael G. Gruden, CIPP/G
Associate – Washington, D.C.
Phone: +1 202.624.2545
Email: mgruden@crowell.com

Crowell & Moring LLP is an international law firm with approximately 550 lawyers representing clients in litigation and arbitration, regulatory and policy, and transactional matters. The firm is internationally recognized for its representation of Fortune 500 companies in high-stakes litigation, as well as its ongoing commitment to pro bono service and diversity, equity and inclusion. The firm has offices in Brussels, Doha, London, Los Angeles, New York, Orange County, San Francisco, Shanghai, and Washington, D.C.

View Desktop Site | Mobile Sitemap |

Contact | Subscribe | Terms of Use | Privacy Statement | Alumni

© Crowell & Moring LLP 2021
Attorney advertising - prior results do not guarantee a similar outcome.