DFARS clause 252.204-7012 was structured to ensure that controlled unclassified DoD information residing on a contractor’s internal information system is safeguarded from cyber incidents and that any consequences associated with the loss of this information are assessed and minimized via the cyber incident reporting and damage assessment processes. In addition, by providing a single DoD-wide approach to safeguarding covered contractor information systems, the clause prevents the proliferation of safeguarding controlled unclassified information clauses and contract language by the various entities across DoD.

Source: Frequently Asked Questions (FAQs) regarding the implementation of DFARS Subpart 204.73 and PGI Subpart 204.73 DFARS Subpart 239.76, and PGI Subpart 239.76 FAQ REVISION, April 2, 2018 rev 1 1