DFARS Compliance/CDI Security Policy
Peerless Electronics Inc. (“Peerless”) supports the safeguarding of covered defense information and taking reasonable adequate security measures based on DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting.
The following definitions have the following meanings when used in this policy:
“Compromise” means the disclosure of CDI that is on Peerless CDI Information System to unauthorized persons, or a violation of Peerless DFARS Information Security Policy #C0002, in which unauthorized intentional or unintentional disclosure, modification, destruction or loss of CDI, or the copying of CDI to unauthorized media may have occurred.
“COTS Parts” means any part or technology that is available on the open market and Peerless’ catalog parts.
“Covered Defense Information” or “CDI” means information that satisfy both 1 and 2 below:
1. The following types of information:
a. Technical information within the meaning of the DFARS Clause that has military or space application that is produced by or for the Department of Defense and is subject to government controls and marked with a Distribution Statement; and
b. CUI; and
2. Such information is marked with a Distribution Statement or the words “CUI” or “Controlled” and is provided to Peerless in support of the performance of a DoD Contract.
“CUI” means information contained on the controlled unclassified information registry, maintained by the National Archives and Record Administration located at https://www.archives.gov/cui/registry/category-list.html, that requires dissemination controls and has been marked by the U.S. Government as either “CUI” or “Controlled.”
“Cyber Incident” means actions taken through the use of computer networks that result in (1) a Compromise or (2) an actual or potentially adverse effect on Peerless CDI Information System and/or the CDI residing therein.
“DFARS Clause” means DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting.
“Distribution Statement”. A type of marking placed on DoD documents restricting their distribution to certain entities consisting of distribution statements B through F as set forth in DoD instruction 5230.24 and the marking should contain the words “Distribution Statement [**]” and “Distribution Authorized to [**].” **Insertion of appropriate letter reference or entity in accordance with DoD instruction 5230.24.
“DoD Contract” means a prime contract with the Department of Defense (“DoD”) or U.S. Military, or a sub-contract on behalf of the DoD or U.S. Military, that contains a flow-down provision pursuant to paragraph (m) of the DFARS Clause and is for Non-COTS Parts.
“Non-COTS Parts” means parts that are not COTS Parts or parts that are not Peerless catalog parts.
“Peerless CDI Information System” means the separate encrypted CDI volume of Peerless’ information system that collects, processes, stores and transmits CDI.
“Portal” means a secure portal between Peerless and a customer for the purpose of enabling CDI to be sent to Peerless pursuant to protocols and terms mutually agreeable between Peerless and that customer.
Declarations, Assumptions and Qualifications
Peerless’ declarations and certifications concerning compliance with the DFARS Clause is based on and subject to the following, which will control in the event of a conflict or inconsistency in a separate document:
1. Peerless’ compliance with the DFARS Clause is limited to CDI that is provided to Peerless in support of the performance of a DoD Contract for Non-COTS Parts pursuant to a Portal.
2. Peerless will comply with paragraph c of the DFARS Clause regarding cyber incident reporting, provided and only to the extent there is a Cyber Incident.
Inquiries concerning DFARS Compliance/CDI Security Policy?