Compliance with the following Defense Federal Acquisition Regulation Supplement (DFARS) clauses – which address the safeguarding of information for secure dissemination between the Department of Defense (DoD), prime contractors and their suppliers – has been required as of Dec. 31, 2017:
The DoD also added additional requirements to prime contractors and their suppliers in November 2020:
For any contracts L3Harris has or receives that contain these clauses, the clauses also flow down to all sub-tiers of the prime contract. This means they must have in place the higher level of network security, as applicable, and the rapid reporting chain of command as defined in DFARS 252.227-7013.
At a minimum, organizations that have Covered Defense Information (CDI) must comply with all National Institute of Standards and Technology (NIST) Special Publication 800-171 security controls, as addressed in the clauses above.