TransR Compliance Solutions:DFARS Clause 252.204-7012

Safeguarding Covered Defense Information (CDI) and Cyber Incident Reporting


Does DFARS Clause 252.204-7012 Apply to You?

Use CDI COMPLY™, TransR’s DFARS Clause 252.204-7012
Compliance Solution!


Register for the Nov 28, 2018 Free Webinar
Critical conversations for Sr Management with their responsible staff re: System Security Plans


The deadline for compliance to DFARS Clause 252.204-7012 was December 31, 2017 for all companies doing business with the DoD. If you perform work with DoD, Prime or Subcontractor, and you generate or receive Covered Defense Information, this DFARS clause applies to you. It's time for Corrective Action!

If you possess a DoD subcontract, your company has already or soon will receive a letter from your Prime Contractor like the sample depicted in the graphic.

CDI COMPLY™, TransR's proprietary methodology and toolset, leveraged by our expert resources, will help you attain compliance to safeguarding CDI and cyber incident reporting.

Among the most onerous of the subject DFARS clause elements is the assertion that the covered contractor information system shall be subject to the security requirements in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, “Protecting Controlled Unclassified Information(CUI) in Nonfederal Information Systems and Organizations”. This publication alone has 14 distinct categories, totaling 109 requirements, some basic and some derived. These CUI requirements must be mapped to the relevant security controls in your organization's System Security Plan (SSP).

TransR makes it easy to identify gaps and discuss corrective action with pertinent management and individual contributors. All our toolkits used in CDI COMPLY™support dashboards as depicted in the graphic with the 14 categories. Our goal is to empower your company to achieve and maintain compliance.

14 Categories Compliance For 109 Rqmts
DFARS Memo From Prime


In our experience, there are four company maturity levels with respect to DFARS Clause 252.204-7012 compliance:

  • Unaware
  • Aware, but unsure of the full scope and applicability to their company
  • Aware, but requiring supplemental resources to augment existing staff to meet the deadline
  • Fully compliant

Regardless of your company's maturity level, TransR provides custom solutions from Total Project Responsibility to on-going Preventative Maintenance!

Below are links to the actual DFAR Clause 252.204-7012 and NIST.SP.800-171. Potential consequences of non-compliance include:

  • Penalties
  • Termination for Convenience
  • Termination for Default
  • Obligation to fulfill the contract terms with payment withheld until compliance with DFARS Clause 252.204-7012

DFARS Clause 252.204-7012 requirements can be summarized as follows:
  • Safeguard covered defense information (NIST.SP.800-171 compliance)
  • Report cyber incidents
  • Submit malicious software
  • Preserve affected media
  • Support forensic analysis
  • Support damage assessment
  • Flow down the clause to subcontractors as applicable

We’ve established a repeatable process to achieve compliance, and aggressively manage the execution of the structured tasks in our plan. And lastly, without sufficient project governance from the executive team through to the SMEs, continuity falters, and definiteness of purpose wanes. For a business process transformation project of this importance, the opportunity cost is unacceptable, and we strive to ensure success through proper project governance.

DFARS Clause 252.204-7012 NIST SP 800-171r1 TransR DFARS Brochure

Use TransR's CDI COMPLY™ To Become DFARS Clause 252.204-7012 Compliant!
TransR CDI COMPLY™ Team Members' Capability Statements

TransR Corporation Astute Back-Office Axis Technologies