RIX Industries Flow Downs

8/20/2020

Description:

CYBER SECURITY AND INCIDENT REPORTING:

Clause:

CYBER SECURITY AND INCIDENT REPORTING: If DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting, is applicable to purchase orders issued by Buyer. Seller shall be responsible for the following in addition to those requirements specified in the above DFARS clause: (a) As defined therein, the Seller shall rapidly report cyber incidents to the DoD at http://dibnet.dod.mil and the Buyer, providing the requisite information required under the clause. (b) Without exception, any cyber incident the Seller encounters shall be reported to Buyer as soon as practicable within 72 hours of discovery of an incident. (c) In the event of a data breach, Buyer shall be afforded unfettered access to certain technical information (e.g., logs, packet flow information, etc.). This information will be required to satisfy Buyer’s customer information requests. (d) Failure to report or provide these notices will be considered a material breach of this Order In further support of this requirement, should Buyer elect to utilize supplier checklists, representations or certifications of compliance, outside vendor verification, and/or onsite security audits, Seller shall support as required to meet the continuing needs of Buyer’s customer.