OtherUnited States (DoD)
DFARS 252.204-7012 - Safeguarding Covered Defense Information
DFARS clause 252.204-7012 (48 CFR 252.204-7012, clause edition MAY 2024). Requires DoD contractors to provide adequate security on covered contractor information systems by implementing NIST SP 800-171, to rapidly report cyber incidents (within 72 hours of discovery) to DoD via dibnet.dod.mil using a DoD-approved medium assurance certificate, to submit isolated malicious software to the DoD Cyber Crime Center (DC3), to preserve affected media and monitoring data for at least 90 days, to support forensic analysis and damage assessment, and to flow the clause down to in-scope subcontracts.
Domains
DFARS 7012: Other Requirements and Subcontract Flowdown
DFARS 7012: Information Protection and Use
DFARS 7012: Forensics and Damage Assessment
DFARS 7012: Malicious Software and Media Preservation
DFARS 7012: Cyber Incident Reporting
Compare DFARS 252.204-7012 - Safeguarding Covered Defense Information
DFARS 252.204-7012 - Safeguarding Covered Defense Information vs ISO 27001:2022View comparison →DFARS 252.204-7012 - Safeguarding Covered Defense Information vs SOC 2View comparison →DFARS 252.204-7012 - Safeguarding Covered Defense Information vs NIST CSF 2.0View comparison →DFARS 252.204-7012 - Safeguarding Covered Defense Information vs GDPRView comparison →DFARS 252.204-7012 - Safeguarding Covered Defense Information vs HIPAAView comparison →DFARS 252.204-7012 - Safeguarding Covered Defense Information vs PCI DSS 4.0View comparison →
DFARS 252.204-7012 - Safeguarding Covered Defense Information by Industry
DFARS 252.204-7012 - Safeguarding Covered Defense Information for Healthcare→DFARS 252.204-7012 - Safeguarding Covered Defense Information for Financial Services→DFARS 252.204-7012 - Safeguarding Covered Defense Information for Technology→DFARS 252.204-7012 - Safeguarding Covered Defense Information for Government→DFARS 252.204-7012 - Safeguarding Covered Defense Information for Manufacturing→DFARS 252.204-7012 - Safeguarding Covered Defense Information for Energy→DFARS 252.204-7012 - Safeguarding Covered Defense Information for Retail→DFARS 252.204-7012 - Safeguarding Covered Defense Information for Education→
DFARS 252.204-7012 - Safeguarding Covered Defense Information by Role
DFARS 252.204-7012 - Safeguarding Covered Defense Information for CISOs→DFARS 252.204-7012 - Safeguarding Covered Defense Information for Compliance Officers→DFARS 252.204-7012 - Safeguarding Covered Defense Information for Risk Managers→DFARS 252.204-7012 - Safeguarding Covered Defense Information for IT Directors→DFARS 252.204-7012 - Safeguarding Covered Defense Information for DPOs→DFARS 252.204-7012 - Safeguarding Covered Defense Information for Auditors→
Frequently Asked Questions
What is DFARS 252.204-7012 - Safeguarding Covered Defense Information?
DFARS clause 252.204-7012 (48 CFR 252.204-7012, clause edition MAY 2024). Requires DoD contractors to provide adequate security on covered contractor information systems by implementing NIST SP 800-171, to rapidly report cyber incidents (within 72 hours of discovery) to DoD via dibnet.dod.mil using a DoD-approved medium assurance certificate, to submit isolated malicious software to the DoD Cyber Crime Center (DC3), to preserve affected media and monitoring data for at least 90 days, to support forensic analysis and damage assessment, and to flow the clause down to in-scope subcontracts.
How many controls does DFARS 252.204-7012 - Safeguarding Covered Defense Information have?
DFARS 252.204-7012 - Safeguarding Covered Defense Information contains 12 controls organized across 7 domains.
Where does DFARS 252.204-7012 - Safeguarding Covered Defense Information apply?
DFARS 252.204-7012 - Safeguarding Covered Defense Information is applicable in United States (DoD). Organizations operating in or serving customers in this jurisdiction should evaluate its requirements.
What frameworks does DFARS 252.204-7012 - Safeguarding Covered Defense Information map to?
DFARS 252.204-7012 - Safeguarding Covered Defense Information has control-to-control mappings with 3 other compliance frameworks in our database. Use our compliance platform to explore these mappings interactively.
How do I get started with DFARS 252.204-7012 - Safeguarding Covered Defense Information compliance?
Start by understanding the framework's key controls and domains. Our compliance platform provides AI-powered gap analysis and mapping tools to help you assess your current posture and build a remediation plan.
How ready are you for DFARS 252.204-7012 - Safeguarding Covered Defense Information?
Answer 25 questions and get a professional readiness report with gap analysis, maturity scores, and prioritised action items. Results in 5 minutes.