Sierra Nevada Corporation | SNC | Logo Min Sierra Nevada Corporation SNC Logo Small search search icon arrow right arrow right icon press press release icon event event icon award award icon horn announcement icon facebook facebook icon google google plus icon linkedin linkedin icon youtube youtube icon instagram instagram icon flickr flickr icon icon pdf pdf download icon icon phone telephone number icon icon email email address icon

Sierra Nevada Corporation | SNC Sierra Nevada Corporation | SNC

Together we deliver advanced technology products & services that solve some of the worlds most difficult challenges. This makes SNC, its suppliers, and its customers potential targets for cyber attacks. It's ever important that we understand these threats and the joint responsibility necessary to secure our supply chain.

The DOD published DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Reporting in an effort to prevent improper access of important unclassified information in the supply base. The DFARS 252.204-7012 clause includes the following key requirements:


Adequate Security

Contractors must provide adequate security on all covered contractor information systems. A “Covered contractor information system” is defined as an unclassified information system that is owned, or operated by or for, a contractor and that processes, stores, or transmits covered defense information.

Cyber Incident Reporting

When a cyber incident is discovered, contractors must conduct a review for evidence of compromise of covered defense information and report the to DoD at http://dibnet.dod.mil and SNC within 72 hours. A “Cyber incident” is defined as actions taken through the use of computer networks that result in a compromise or an actual or potentially adverse effect on an information system and/or the information residing therein.

Supplier Flow Down

When engaging with other suppliers that require access to covered defense information in performance of a contract, include the DFARS 252.204-7012 clause in any subcontracts, or similar contractual instruments with those suppliers.

Read the full clause here.


Continued Diligence

It is imperative that all SNC subcontractors and/or suppliers meet DFARS requirements as necessary. Together our continued diligence will protect vital information, minimize risks and secure competitive advantage for all parties. For additional information please send us an email at supplychainaudit@sncorp.com.

Cyber Security Resources

DoD Cyber Security Evaluation Tool (scroll down to C/SET)
NIST MEP Cybersecurity Self-Assessment Handbook
DoD Procurement Toolbox
DFARS 252.204-7012 [OCT 2016]
DoD's FAQ for DFARS 252.204-7012
NIST SP 800-171 Rev 1
NIST SP 800-171A
NIST 800-53R4, Security and Privacy Controls for Federal Information Systems
National Initiative for Cybersecurity Information (NICE)
OMB's guidance
New NIST Guide Helps Small Businesses Improve Cybersecurity
U.S. Small Business Administration - Cybersecurity
U.S. Small Business Administration - Training Exercise
Homeland Security - Stop.Think.Connect. Small Business Resources