top of page

DFARS 252.204-7012
Purchase Order Requirements for Suppliers of PDI Ground Support Systems and KWD Aircraft Support Equipment

  • DFARS 252.204-7012 requires defense contractors to protect Controlled Unclassified Information (CUI) by implementing NIST SP 800-171 security requirements, developing a System Security Plan (SSP), and reporting cyber incidents within 72 hours.

  • All subcontractors must fully adhere to DFARS 252.207-7012 and have complete cybersecurity controls and reporting procedures in place.

  • Cloud service providers critical to defense contractors must meet stringent security standards including obtaining FedRAMP authorization and implementing additional DFARS 252.204-7012 specified security measures for Covered Defense Information protection.

  • Defense contractors must ensure subcontractor compliance with DFARS 252.204-7012 through flow-down requirements and are also responsible for CMMC certification which includes third-party assessment and overlaps with some DFARS requirements but introduces additional data protection controls.

bottom of page