DFARS 252.204-7012 – Part 1, CDI and Covered Info Systems

Title card showing dfars 252.204-7012

This video by Amira Armond / CMMCAudit.org is a free 18 minute training on the Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012. This is part 1 where we review the definitions of Covered Defense Information (CDI) and Covered Contractor Information System. Understanding these two definitions are critically important for any contractor that has DFARS 252.204-7012 in their contract!

Why is DFARS important to 800-171 and CMMC?

The DFARS 252.204-7012 is where the requirement for defense contractors to implement very strong cybersecurity comes from. Without DFARS 252.204-7012, we wouldn’t need to do NIST SP 800-171 or report cyber incidents.

This is legal stuff!

This video is provided for educational and training purposes only, with no warranties. We highly recommend engaging with legal counsel that is knowledgeable about DFARS and CUI before taking any action for your own company.

Controlled Unclassified Information is not always Covered Defense Information

This diagram shows different types of sensitive information and their related cybersecurity requirements for protection. Note that Covered Defense Information is a subset of Controlled Unclassified Information, which is itself a subset of Federal Contract Information.

Infographic showing relationship of FCI CUI CDI FOUO and non-federal data to CMMC and DFARS

Here are some helpful links to each requirement:

FAR 52.204-21 – https://www.acquisition.gov/far/52.204-21-0

DFARS 252.204-7012 – https://www.acq.osd.mil/dpap/dars/dfars/html/current/252204.htm#252.204-7012

32 CFR 2002 518.38 – https://www.govinfo.gov/content/pkg/CFR-2002-title32-vol3/html/CFR-2002-title32-vol3-part518-subpartD.htm

FIPS 199 – https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.199.pdf

32 CFR 2002.14 (g) – https://www.govinfo.gov/content/pkg/CFR-2017-title32-vol6/pdf/CFR-2017-title32-vol6-part2002.pdf

CMMC ML1 – https://www.acq.osd.mil/cmmc/docs/CMMC_ModelMain_V1.02_20200318.pdf

CMMC ML3 – https://www.acq.osd.mil/cmmc/docs/CMMC_ModelMain_V1.02_20200318.pdf

CUI Registry – https://www.archives.gov/cui

DoD Instruction implementing CUI Program – https://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodi/520048p.PDF

And now for the training video!

Part 1 – Covered Defense Information and Covered Contractor Information Systems

2 thoughts on “DFARS 252.204-7012 – Part 1, CDI and Covered Info Systems

Leave a Reply

Your email address will not be published. Required fields are marked *