Class Deviation 2016-O0001
Safeguarding Covered Defense Information and Cyber Incident Reporting

Effective immediately, contracting officers shall use the attached provision 252.204-7008, Compliance with Safeguarding Covered Defense Information Controls (DEVIATION 2016-O0001)(OCT 2015) and clause 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting (DEVIATION 2016-O0001)(OCT 2015) in lieu of the provision at DFARS 252.204-7008 and the clause at DFARS 252.204-7012.

This deviation allows offerors up to nine (9) months, after contract award, to comply with the derived security requirement 3.5.3 “Use multifactor authentication for local and network access to privileged accounts and for network access to non-privileged accounts" within the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations." Offerors must notify the contracting officer if the additional time for compliance will be necessary.

This class deviation remains in effect until incorporated in the DFARS or otherwise rescinded.

Effective Date: October 8, 2015 (7 years ago)
Expire Date: None Given
Incorporated: December 30, 2015 (7 years ago)
Official Documents: Memo
Official Attachments: 1
This is not a government website. Visitors should not rely upon information contained on this website as a substitute for consulting official government publications.1