OtherUnited States (DoD)
DFARS 252.204-7012 — Safeguarding Covered Defense Information
Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7012 requires Department of Defense (DoD) contractors and subcontractors to provide adequate security for Covered Defense Information (CDI) and report cyber incidents. Contractors must implement NIST SP 800-171 security requirements, report cyber incidents within 72 hours to the DoD Cyber Crime Center (DC3), and preserve images for 90 days.
Domains
Flow-Down and Subcontractor Requirements
Investigation Support
Cyber Incident Reporting
Adequate Security Requirements
Definitions and Scope
Compare DFARS 252.204-7012 — Safeguarding Covered Defense Information
DFARS 252.204-7012 — Safeguarding Covered Defense Information vs ISO 27001:2022View comparison →DFARS 252.204-7012 — Safeguarding Covered Defense Information vs SOC 2View comparison →DFARS 252.204-7012 — Safeguarding Covered Defense Information vs NIST CSF 2.0View comparison →DFARS 252.204-7012 — Safeguarding Covered Defense Information vs GDPRView comparison →DFARS 252.204-7012 — Safeguarding Covered Defense Information vs HIPAAView comparison →DFARS 252.204-7012 — Safeguarding Covered Defense Information vs PCI DSS 4.0View comparison →
DFARS 252.204-7012 — Safeguarding Covered Defense Information by Industry
DFARS 252.204-7012 — Safeguarding Covered Defense Information for Healthcare→DFARS 252.204-7012 — Safeguarding Covered Defense Information for Financial Services→DFARS 252.204-7012 — Safeguarding Covered Defense Information for Technology→DFARS 252.204-7012 — Safeguarding Covered Defense Information for Government→DFARS 252.204-7012 — Safeguarding Covered Defense Information for Manufacturing→DFARS 252.204-7012 — Safeguarding Covered Defense Information for Energy→DFARS 252.204-7012 — Safeguarding Covered Defense Information for Retail→DFARS 252.204-7012 — Safeguarding Covered Defense Information for Education→
DFARS 252.204-7012 — Safeguarding Covered Defense Information by Role
DFARS 252.204-7012 — Safeguarding Covered Defense Information for CISOs→DFARS 252.204-7012 — Safeguarding Covered Defense Information for Compliance Officers→DFARS 252.204-7012 — Safeguarding Covered Defense Information for Risk Managers→DFARS 252.204-7012 — Safeguarding Covered Defense Information for IT Directors→DFARS 252.204-7012 — Safeguarding Covered Defense Information for DPOs→DFARS 252.204-7012 — Safeguarding Covered Defense Information for Auditors→
Frequently Asked Questions
What is DFARS 252.204-7012?
Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7012 requires Department of Defense (DoD) contractors and subcontractors to provide adequate security for Covered Defense Information (CDI) and report cyber incidents. Contractors must implement NIST SP 800-171 security requirements, report cyber incidents within 72 hours to the DoD Cyber Crime Center (DC3), and preserve images for 90 days.
How many controls does DFARS 252.204-7012 have?
DFARS 252.204-7012 contains 32 controls organized across 7 domains.
Where does DFARS 252.204-7012 apply?
DFARS 252.204-7012 is applicable in United States (DoD). Organizations operating in or serving customers in this jurisdiction should evaluate its requirements.
What frameworks does DFARS 252.204-7012 map to?
DFARS 252.204-7012 has control-to-control mappings with 593 other compliance frameworks in our database. Use our compliance platform to explore these mappings interactively.
How do I get started with DFARS 252.204-7012 compliance?
Start by understanding the framework's key controls and domains. Our compliance platform provides AI-powered gap analysis and mapping tools to help you assess your current posture and build a remediation plan.
How ready are you for DFARS 252.204-7012 — Safeguarding Covered Defense Information?
Answer 25 questions and get a professional readiness report with gap analysis, maturity scores, and prioritised action items. Results in 5 minutes.