DFARS Subpart 252.204 (Safeguarding Covered Defense Information and Cyber Incident Reporting)
DFARS-252-204 · US
In force since 2020-11-30. A binding regulation from the US. Defense-acquisition-specific information-security regulation. Core clauses: (1) DFARS 252.204-7012 (adopted 2015, current consolidated 2020) — requires contractors handling Covered Defense Information (CDI) on covered contractor information systems to implement NIST SP 800-171 r2 security controls and report cyber incidents to DoD within 72 hours; (2) DFARS 252.204-7019 / -7020 / -7021 (CMMC interim rule, Nov 2020) — implements the Cybersecurity Maturity Model Certification framework, requiring increasingly stringent third-party attestation of NIST 800-171 implementation by contract tier. AI relevance: (a) AI-system source code, model weights, training data, and architecture documentation produced or stored on contractor systems fall within CDI when the underlying contract is so designated; (b) cyber-incident reporting in 252.204-7012(c) applies equally to AI-system compromise events (training-data exfiltration, model-weight theft, prompt-injection-based credential exposure); (c) supply-chain risk-management linkages with FAR Part 4 Subpart 4.21 and the DoD RAI S&IP supply-chain tenet. Distinct from AI-specific DFARS clauses under consideration as part of DoD Acquisition Innovation initiatives, none of which had been finalised at the catalog-write date.
Key finding
DoD information-security regulation; NIST 800-171 + CMMC implementation; AI source/weights/training data fall within Covered Defense Information when contract designates.
“Contractor shall provide adequate security on all covered contractor information systems by implementing NIST Special Publication 800-171 (252.204-7012(b)(2)(i)).”
Source: 252.204-7012(b)(2)(i) (primary source)
Reviewed by the Editorial board (in formation), Policy Window.
DFARS Subpart 252.204 (Safeguarding Covered Defense Information and Cyber Incident Reporting) addresses 2 contested AI-governance topics explicitly and 2 via general principles.
Topics governed
- implicit · Foundation Models / GPAI — 252.204-7012 — AI-system source code, model weights and training data fall within Covered Defense Information scope when the underlying contract designates these as CDI; foundation-model artefacts are CDI through the standard contract-designation pathway.
- implicit · Compute-Threshold Reporting — Cyber-incident reporting under 252.204-7012(c) — 72-hour DoD notification covers AI-system compromise events, including model-weight theft and prompt-injection-based credential exposure; broader AI-use disclosure flows through M-24-10, not DFARS.
- governs · Training-Data Rights — 252.204-7012 — training-data sets stored on covered contractor information systems require NIST SP 800-171 implementation when designated CDI; data-spill / exfiltration events trigger 72-hour cyber-incident reporting under 252.204-7012(c).
  Art. 252.204-7012(c) (paraphrase): When the Contractor discovers a cyber incident that affects a covered contractor information system … the Contractor shall … rapidly report cyber incidents to DoD … within 72 hours of discovery.
- governs · National Security Carveouts in AI Regulation — 252.204-7012 and the CMMC clauses (-7019/-7020/-7021) are the operative national-security-overlay framework for defence-acquisition information security; the subpart IS the carveout regime.
  Art. 252.204-7012(b) (paraphrase): The Contractor shall provide adequate security on all covered contractor information systems … by implementing NIST Special Publication 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems…
Cross-jurisdiction comparison
How peer instruments treat the topics DFARS Subpart 252.204 (Safeguarding Covered Defense Information and Cyber Incident Reporting) governs.
| Topic | EU-AIA-2024 | US-EO-14110 | US-EO-14179 | UK-WHITEPAPER-2023 | CN-GENAI-2023 | G7-HIROSHIMA | OECD-AI-PRIN | COE-AI-CONV | UN-RES-2024 | NIST-AI-RMF | BLETCHLEY-2023 | SEOUL-2024 | NIST-AI-RMF-GENAI | CA-SB-1047 | IN-DPDP-2023 | BR-AIBILL-2024 | ASEAN-AI-GUIDE-2024 | AU-AI-STRATEGY-2024 | ANTHROPIC-RSP-2024° | OPENAI-PREPAREDNESS-2023° | DEEPMIND-FSF-2024° | META-FRONTIER-2024° | UK-US-AISI-MOU-2024 | WH-VOLUNTARY-2023 | SG-MODEL-AI-2024 | JP-METI-AI-2024 | NYC-LL-144-2021 | CO-SB-24-205 | IL-HB-3773-2024 | EU-GDPR-2016 | EU-GPAI-COP-2025 | EU-AIA-DELEGATED-ART51 | OMB-M-24-10 | GSA-AI-GUIDE-2024 | FAR-PART-39 | DOD-RAI-2022 | FEDRAMP-AI-2024 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Training-Data Rights | implicit | silent | silent | silent | governs | silent | silent | implicit | silent | implicit | silent | silent | governs | silent | governs | implicit | silent | implicit | silent | silent | silent | implicit | silent | silent | silent | implicit | silent | silent | silent | governs | governs | silent | silent | implicit | implicit | silent | implicit |
| National Security Carveouts in AI Regulation | governs | governs | silent | implicit | silent | silent | silent | governs | silent | silent | silent | silent | silent | silent | implicit | silent | silent | silent | silent | silent | silent | silent | silent | silent | silent | silent | silent | silent | silent | silent | silent | silent | silent | implicit | implicit | governs | implicit |
° = industry self-imposed voluntary framework. Comparing a voluntary code's "governs" tint with a binding regulation's "governs" tint flattens the legal-force distinction; use the instrument-page banner for the operative status of each.
How to cite this article
APA 7
Policy Window. (2020). DFARS Subpart 252.204 (Safeguarding Covered Defense Information and Cyber Incident Reporting) [Wiki article — Instrument]. https://policywindow.org/wiki/dfars-252-204
Chicago 17
Policy Window. 2020. "DFARS Subpart 252.204 (Safeguarding Covered Defense Information and Cyber Incident Reporting)." Wiki article (Instrument). https://policywindow.org/wiki/dfars-252-204.
BibTeX
@misc{policywindow-dfars-252-204,
title = {DFARS Subpart 252.204 (Safeguarding Covered Defense Information and Cyber Incident Reporting)},
author = {Policy Window},
year = {2020},
howpublished = {Defense Federal Acquisition Regulation Supplement, Subpart 204.73 + clauses 252.204-7012 (Safeguarding Covered Defense Information), 252.204-7019/-7020/-7021 (CMMC) (48 C.F.R. ch. 2). Current consolidated subpart per the DoD Procurement Toolbox + acquisition.gov.},
url = {https://policywindow.org/wiki/dfars-252-204},
note = {Primary source: https://www.acquisition.gov/dfars/subpart-204.73-safeguarding-covered-defense-information-and-cyber-incident-reporting}
}
References
- Defense Federal Acquisition Regulation Supplement, Subpart 204.73 + clauses 252.204-7012 (Safeguarding Covered Defense Information), 252.204-7019/-7020/-7021 (CMMC) (48 C.F.R. ch. 2). Current consolidated subpart per the DoD Procurement Toolbox + acquisition.gov.