PRIA Logo
Start Free Watch
2026-00544Notice

DoD Urges Quick Cyber Incident Reports from Defense Contractors

Published Date: 1/14/2026

Notice

Summary

If you’re a business working with the Department of Defense, you need to report any cyber incidents and cloud computing issues quickly. This update reminds contractors about the rules and asks for public comments by January 14, 2026. Reporting helps keep defense info safe, and it usually takes less than half an hour per report.

Analyzed Economic Effects

4 provisions identified: 0 benefits, 4 costs, 0 mixed.

Mandatory DoD Cyber Incident Reporting

If you do business with the Department of Defense, you must report cyber incidents that affect covered contractor information systems, covered defense information, or your ability to perform work designated as operationally critical support. The notice lists 1,971 affected respondents, about 16,223 annual responses, an average burden of 0.42 hours per response, and a total annual burden of 6,770 hours; DoD will accept comments through January 14, 2026.

Must Explain Deviations from NIST SP 800-171

If you propose in a solicitation to vary from any National Institute of Standards and Technology (NIST) Special Publication 800-171 security control, you must submit a written explanation to the contracting officer saying why the control is not applicable or what alternative protects the information.

Cloud Use Representation Requirement

Offerors must state in a solicitation whether they "anticipate" or "do not anticipate" using cloud computing services in contract performance; this representation notifies contracting officers whether DFARS cloud requirements may apply.

Cloud Services Cyber Incident Reports Required

When DoD purchases cloud computing services, the DFARS cloud clause (252.239-7010) requires reporting cyber incidents that occur within those cloud services. Contractors providing cloud services to DoD must submit those cyber incident reports as required by the clause.

Your PRIA Score

Score Hidden

Personalized for You

How does this regulation affect your finances?

Sign up for a PRIA Policy Scan to see your personalized alignment score for this federal register document and every other regulation we track. We analyze your financial profile against policy provisions to show you exactly what matters to your wallet.

Free to start

Key Dates

Published Date
Comments Due
1/14/2026
1/14/2026

Department and Agencies

Department
Independent Agency
Agency
Defense Department
Defense Acquisition Regulations System
Source: View HTML
Back to Federal Register

Take It Personal

Get Your Personalized Policy View

Start a Free Government Policy Watch to see how policy affects your household, then upgrade to PRIA Full Coverage for year-round monitoring.

Already have an account? Sign in