What is the DFARS 252.204-7012 clause?

DFARS 252.204-7012 is a contracting clause that is part of the U.S. Department of Defense's Defense Federal Acquisition Regulation Supplement (DFARS). This specific clause has a wide range of cybersecurity requirements that contractors must follow when the clause is incorporated into contracts. These requirements include cloud security provisions, specific incident handling and reporting requirements, and the requirement to implement the security controls outlined in NIST Special Publication 800-171 in all "covered contractor information systems." The most commonly associated security requirements with the DFARS 252.204-7012 are those 110 security controls outlined in NIST SP 800-171. However, it is important to note that there are a number of other requirements in the DFARS 252.204-7012 clause itself that must be considered when a contractor has a project with this clause incorporated in it.