ITAA working on Army RFI response

The Information Technology Association of America is developing a response to a Defense Department request for information on protecting controlled unclassified information (CUI).

The RFI, issued in late August, is part of an Army effort to determine the capabilities industry could provide in protecting information as it is acquired, processed, transferred and stored.

CUI is defined as information that does not meet the standards for national security classification but is still important to the national interests of the United States or other entities and is protected by law or policy from unauthorized disclosure.

"They're in the information-gathering stage," said Trey Hodgkins, ITAA's vice president of federal government programs. "Part of the problem is there's not a lot of detail. They want us to help define a requirement, and we're not even sure what the goal is. That makes it harder to respond."

Hodgkins is working on a draft response for ITAA members to consider and said he is not likely to have final comments ready for submission until just before the Oct. 6 deadline.

Industry leaders are concerned that building information-protection measures into contracts could make them more costly for companies to fulfill, Hodgkins said.

"We're concerned that the requirements may become some sort of a market inhibitor," he said. "We don't want to see that, obviously. We don't want it to be so onerous that a small or mid-size company wouldn't be able to comply."

According to the RFI, the Army's program executive office intends to incorporate CUI protection into future acquisitions. ITAA members are concerned that DOD and civilian agencies could follow suit.

To view the RFI, go to the FedBizOpps Web site at www.fbo.gov and search for Solicitation No. GSC-TFMG-08-RX02.

Michael Hardy writes for Federal Computer Week, an 1105 Government Information Group publication.