Government Contract Cybersecurity Attorneys in Dallas, TX

Cybersecurity is one of the most complex challenges facing individuals, businesses, and governments today. Hardly a week passes without news of another cyber breach affecting companies of all sizes, from small startups to large corporations.

But when the locks fail, who is to blame?

If you are a federal contractor or subcontractor, you cannot ignore this question. The Federal Acquisition Regulation (FAR) and the Defense Federal Acquisition Regulation Supplement (DFARS) impose strict obligations regarding how sensitive defense-related information must be secured and how cyber incidents must be reported. 

Cybersecurity Compliance Requirements for Federal Contractors

Under DFARS 252.204-7012, federal contractors and subcontractors must take specific steps to safeguard Covered Defense Information (CDI) that resides in or transits through a covered contractor information system. These systems include any unclassified information system owned or operated by the contractor that processes, stores, or transmits CDI. Contractors must also promptly report any cyber incidents affecting these systems to the Department of Defense (DoD).

To comply with DFARS 252.204-7012, contractors must maintain “adequate security” by implementing the security controls outlined in NIST SP 800-171. These controls cover access management, incident response, system integrity, and other cybersecurity best practices.

Additionally, DFARS Subpart 204.73 requires contractors to have completed at least a Basic NIST SP 800-171 DoD Assessment within the past three years, unless otherwise specified in the solicitation documents. This means that compliance must be demonstrated at the time of contract award and maintained throughout the contract’s duration—and possibly even after it ends.

While “adequate security” is the required baseline, contractors should also be mindful of the broader concept of “sufficient cybersecurity.” Though not a formal requirement, this reflects the expectation to maintain a strong cybersecurity posture, including adherence to additional standards like NIST SP 800-53 and NIST SP 800-171 controls to address evolving threats.

Why is Due Diligence in Safeguarding CDI So Important?

Noncompliance with DFARS 252.204-7012 and related requirements can lead to serious consequences, including criminal, civil, administrative, or contractual penalties such as damages and contract termination. Notably, DFARS 252.204-7009 designates third parties who report cyber incidents as third-party beneficiaries of government non-disclosure agreements, allowing them to pursue civil actions for damages if breaches occur (48 C.F.R. 252.204-7009).

Contractors must also certify, under penalty of perjury, the accuracy of pricing, invoicing, and other contract representations during government contract performance. Failure to comply may trigger liability under the False Claims Act (FCA), exposing contractors to significant civil litigation and monetary penalties.

Given these risks, diligent compliance with DFARS Subpart 204.73 is critical. With cyber breaches on the rise, these measures will likely extend beyond federal contracts, to state, local, and possibly even private contracts.

Due diligence means more than copying generic policies and procedures from another business. Your cybersecurity program must be tailored to your organization’s operations and continuously maintained to meet DFARS sufficiency and adequacy standards. This includes:

  • Safeguarding CDI by implementing NIST SP 800-171 security controls
  • Promptly reporting cyber incidents under the Cybersecurity Maturity Model Certification (CMMC) Program

Why Choose Coleman Jackson P.C. for Government Contracts Cybersecurity Legal Services?

As experienced government contracts attorneys and counselors, we can work closely with federal government contractors and subcontractors to counsel and advocate in these key areas:

  • Safeguarding CDI: Advising on DFARS compliance and implementing NIST SP 800-171 security requirements
  • Cyber Incident Response: Guiding clients through reporting cyber incidents and filing cyber incident reports, providing legal counsel during and after cyber incidents, and representing contractors in DoD investigations
  • Litigation: Defending clients in cyber incident disputes and False Claims Act cases in federal courts

Contact Experienced Government Contract Cybersecurity Lawyers Today

Facing a cyber incident or DFARS compliance issue? Contact our Dallas-based government contract cybersecurity attorneys at Coleman Jackson, P.C. Call (214) 599-0431 or reach out to us online today.