CMMC

Josef Kamara, CPA, CISSP, CISA · Updated May 2, 2026 · 1 minute read

Adequate Security

A DFARS 252.204-7012 term of art meaning protective measures commensurate with the consequences and probability of loss, misuse, or unauthorized access to covered defense information. The clause establishes implementation of NIST SP 800-171 as the minimum baseline that satisfies the adequate security obligation; anything less must be approved in writing by the DoD CIO.

The Authority Brief

One compliance analysis per week from Josef Kamara, CPA, CISSP, CISA. Federal and private compliance, written for practitioners.