What is DFARS subpart 204.73?

The Defense Federal Acquisition Regulation Supplement (DFARS) subpart 204.73 requires contractors and subcontractors working with the United States Department of Defense to safeguard covered defense information that resides in or transits through covered contractor information systems by applying specified network security requirements. It also requires reporting of cyber incidents.

The 204.73 subpart does not abrogate any other requirements regarding contractor physical, personnel, information, technical, or general administrative security operations governing the protection of unclassified information, nor does it affect requirements of the National Industrial Security Program.

When did DFARS 204.73 go into effect?

Subpart 204.73 was most recently updated in December of 2017.

What are the penalties for failing to comply with DFARS 204.73?

If an organization is audited by the DOD and found not to have implemented DFARS, the department can levy penalties, including a stop-work order or criminal, civil, administrative, or contract penalties.