Contractors face new cyber regs from DOD

Changes to acquisition regulation include notifying DOD of cyber breaches

Federal contractors whose information systems contain unclassified Defense Department information would have to safeguard that information from unauthorized access and notify DOD of any breaches under a proposed rule published this week.

DOD wants to amend the Defense Federal Acquisition Regulation Supplement to add new clauses that deal with handling unclassified information, a Federal Register notice states. Public comments are due by Aug. 29.


Related stories:

Defense bill would include cyber warfare designations

Navy: Faster acquisition key to cyber defense


The proposed rule stipulates basic requirements for security that apply to information that is designated as critical program information, subject to export controls, exempt from mandatory public disclosure, bearing a designation of controlled access and dissemination, or personally identifiable, the notice states.

DOD officials believe the proposed rule could have an economic impact on more than 48,000 small businesses, but the extent would be less than 1 percent of revenue for each business, they said.

The rule would require contractors and subcontractors to provide adequate information security for unclassified DOD information held on their systems or moving through their systems.

Contractors must also report cyber incidents that affect the unclassified information, but those reports will not be taken as proof of failure to provide adequate security, the notice states.

“A cyber incident that is properly reported by the contractor shall not, by itself, be interpreted as evidence that the contractor has failed to provide adequate information safeguards for DOD unclassified information or has otherwise failed to meet the requirements of the clause,” the notice states.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here
close
SEARCH
contracts DB

Trending

  • Dive into our Contract Award database

    In an exclusive for WT Insider members, we are collecting all of the contract awards we cover into a database that you can sort by contractor, agency, value and other parameters. You can also download it into a spreadsheet. Read More

  • Is SBA MIA on contractor fraud? Nick Wakeman

    Editor Nick Wakeman explores the puzzle of why SBA has been so silent on the latest contractor fraud scandal when it has been so quick to act in other cases. Read More

Webcasts

  • How Do You Support the Project Lifecycle?

    How do best-in-class project-based companies create and actively mature successful organizations? They find the right mix of people, processes and tools that enable them to effectively manage the project lifecycle. REGISTER for this webinar to hear how properly managing the cycle of capture, bid, accounting, execution, IPM and analysis will allow you to better manage your programs to stay on scope, schedule and budget. Learn More!

  • Sequestration, LPTA and the Top 100

    Join Washington Technology’s Editor-in-Chief Nick Wakeman as he analyzes the annual Top 100 list and reveals critical insights into how market trends have impacted its composition. You'll learn what movements of individual companies means and how the market overall is being impacted by the current budget environment, how the Top 100 rankings reflect the major trends in the market today and how the biggest companies in the market are adapting to today’s competitive environment. Learn More!