Safeguarding Covered Defense Information and Cyber Incident Reporting for Contractors and Subcontractors

Guidance from the Undersecretary of Defense detailed the final implementation deadline for DFARS Clause 252.204-7012 “Safeguarding Covered Defense Information and Cyber Incident Reporting” with no further delays.   DFARS compliance is required in all DoD contracts except for those solely for the acquisition of COTS items. Controlled Unclassified Information (CUI) is sensitive federal government information routinely processed, stored, or transmitted by a contractor in the course of its work providing essential products and services to federal agencies. In addition, contractors must include the clause in subcontracts for which performance will involve covered defense information or operationally critical support.

At a cost significantly less than arguing the reasonability of your processes and taking the chance of becoming out of contract compliance, SPYRUS offers an end to end security solution that includes hardware roots of trust offer the only data protection assurance that similarly priced software solutions are UNABLE to achieve.

Or, contact SPYRUS at to obtain information on availability and pricing on the SPYRUS Hardware Security Modules and Software solutions.

Developers may access the SPYRUS Developers Portal and request a login to access detailed descriptions of typical applications and purchase prototyping quantities of SPYRUS HSMs.