Does DFARS 252.204-7012 apply to AI systems handling CUI?

Yes — if a contractor's AI system stores, processes, or transmits Covered Defense Information / CUI, DFARS 252.204-7012 applies, requiring NIST SP 800-171 safeguarding and rapid (72-hour) cyber-incident reporting. The AI component is in scope like any other…

register 09 · Compliance pins· DFARS 252.204-7012
01 ·

Answer.

Authorization / clearance regime · DFARS 252.204-7012.

Yes — if a contractor's AI system stores, processes, or transmits Covered Defense Information / CUI, DFARS 252.204-7012 applies, requiring NIST SP 800-171 safeguarding and rapid (72-hour) cyber-incident reporting. The AI component is in scope like any other system touching CUI. Planisphere can supply reproducible behaviour evidence for the AI's 800-171-relevant controls; it does not handle incident reporting or assert full clause compliance for you.

02 ·

The mark behind the answer.

DFARS 252.204-7012 is an authorization gate: a package an authorizing official signs before the system may operate, plus…

CUI handling · 72-hour breach reporting.

→ Full reference for DFARS 252.204-7012

Prepare evidence for DFARS 252.204-7012 review.

First evidence record within 21 days of access · re-runs in a single business day. Planisphere measures model behaviour and emits a reproducible, sha-pinned record — it does not certify, file, or give legal advice.