DFARS 252.204-7009Limitations on the Use or Disclosure of Third-Party Contractor Reported Cyber Incident Information
Overview
This clause restricts how the government may use or disclose cyber incident information reported by contractors under DFARS 252.204-7012. It protects contractor proprietary information submitted during cyber incident reporting and limits government sharing to authorized purposes only.
When Does This Apply?
Applies to all DoD contracts where the government receives cyber incident information from contractors under the 7012 reporting requirements.
Key Requirements
- 1Government may not use contractor cyber incident data for regulatory enforcement
- 2Restricts disclosure of proprietary contractor information
- 3Protects contractor trade secrets in incident reports
Flowdown to Subcontractors
No — DFARS 252.204-7009 does not flow down to subcontractors. This clause applies only to the prime contractor.
Frequently Asked Questions
What is DFARS 252.204-7009?
DFARS 252.204-7009 (Limitations on the Use or Disclosure of Third-Party Contractor Reported Cyber Incident Information) This clause restricts how the government may use or disclose cyber incident information reported by contractors under DFARS 252.204-7012. It protects contractor proprietary information submitted durin
Does DFARS 252.204-7009 flow down to subcontractors?
No, DFARS 252.204-7009 does not flow down to subcontractors. This clause applies only to the prime contractor.
When does DFARS 252.204-7009 apply?
Applies to all DoD contracts where the government receives cyber incident information from contractors under the 7012 reporting requirements.
Related Guides
Stay compliant with DFARS 252.204-7009
Cabrillo Club automates compliance tracking and alerts you when DFARS clauses are amended.
Join Free