Skip to Main Navigation. Each navigation link will open a list of sub navigation links.

Skip to Main Content

Apply to the University of Wyoming apply now

Global Resource Navigation

Visit Campus
Download UW Viewbook
Give to UW

Wyoming Business Tips for June 4-10

May 26, 2017

A weekly look at Wyoming business questions from the Wyoming Small Business Development Center (WSBDC), part of WyomingEntrepreneur.Biz, a collection of business assistance programs at the University of Wyoming.

By Andrea Lewis, WSBDC procurement specialist

“I want to do contract work for the Department of Defense, and I have been hearing about cybersecurity regulations. Can you explain them?” Joe, Cheyenne

If your company is a Department of Defense (DOD) contractor or subcontractor, the Department of Defense cyber requirements are something that you will need to understand and comply with by Dec. 31. The purpose of this article is not to go into detail about the requirements, but to alert business owners to their existence and where to find more information.

Cyber threats are on the increase and cost companies a lot of money. Impacts are downtime, loss of revenue, reputational damage and loss of customers. Most cyberattacks (89 percent) have a financial or an espionage motive. Weak, default or stolen passwords are the cause of 64 percent of confirmed data breaches.

Having to comply with the regulations depends on what type of contract you have with the DOD and, if within that contract, certain clauses are listed. Commercial items that are bought “off the shelf” -- no customization -- generally are not required to have the clauses in their contracts. Agricultural bulk products and petroleum products are subject to the regulations.

In general, the DOD clauses require contractors to safeguard certain information that is either on their internal systems or networks, or passing through their systems or networks. The clauses also require the contractor to report cyber incidents that either affect certain information or that affect the contractor’s ability to perform “operationally critical support” requirements.

The contractor also is required to submit any malicious software discovered that was “isolated in connection with a reported cyber incident” to the DOD Cyber Crime Center. If requested by the DOD, the contractor also needs to “submit media and additional information for damage assessment.”

The definition of information that needs to be protected is past the scope of this tip. However, the regulations that define it can be found at DFARS Regulations (review DFARS clauses 252.204-7008 and 252.204-7012).

DOD has several programs, both regulatory and voluntary, to improve cybersecurity. The agency is using the National Institute of Standards and Technology special publication 800-171, “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations,” as a framework for companies to follow when developing cybersecurity programs.

If you are doing business with the DOD, take the time to understand its cybersecurity rules and regulations, and be aware that implementation is due at the end of the year.

For more information, call the WSBDC Network Procurement Technical Assistance Center at (307) 772-7372 or email

A blog version of this article and an opportunity to post comments are available at

The WSBDC is a partnership of the U.S. Small Business Administration, the Wyoming Business Council and the University of Wyoming. To ask a question, call 1-800-348-5194, email, or write 1000 E. University Ave., Dept. 3922, Laramie, WY, 82071-3922.

Contact Us

Institutional Communications

Bureau of Mines Building, Room 137


Laramie, WY 82071

Phone: (307) 766-2929


Find us on Facebook (Link opens a new window) Find us on Twitter (Link opens a new window)

1000 E. University Ave. Laramie, WY 82071
UW Operators (307) 766-1121 | Contact Us | Download Adobe Reader

Accreditation | Virtual Tour | Emergency Preparedness | Employment at UW | Gainful Employment | Privacy Policy | Harassment & Discrimination | Accessibility Accessibility information icon