DOD proposes new cybersecurity requirements for contractors

Changes to acquisition regulation include notifying DOD of cyber breaches

Federal contractors whose information systems contain unclassified Defense Department information would have to safeguard that information from unauthorized access and notify DOD of any breaches under a proposed rule published today.

DOD wants to amend the Defense Federal Acquisition Regulation Supplement to add new clauses that deal with handling unclassified information, a Federal Register notice states. Public comments are due by Aug. 29.


Related stories:

Defense bill would include cyber warfare designations

Navy: Faster acquisition key to cyber defense


The proposed rule stipulates basic requirements for security that apply to information that is designated as critical program information, subject to export controls, exempt from mandatory public disclosure, bearing a designation of controlled access and dissemination, or personally identifiable, the notice states.

DOD officials believe the proposed rule could have an economic impact on more than 48,000 small businesses, but the extent would be less than 1 percent of revenue for each business, they said.

The rule would require contractors and subcontractors to provide adequate information security for unclassified DOD information held on their systems or moving through their systems.

Contractors must also report cyber incidents that affect the unclassified information, but those reports will not be taken as proof of failure to provide adequate security, the notice states.

“A cyber incident that is properly reported by the contractor shall not, by itself, be interpreted as evidence that the contractor has failed to provide adequate information safeguards for DOD unclassified information or has otherwise failed to meet the requirements of the clause,” the notice states.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

The Fed 100

Read the profiles of all this year's winners.

Featured

  • Then-presidential candidate Donald Trump at a 2016 campaign event. Image: Shutterstock

    'Buy American' order puts procurement in the spotlight

    Some IT contractors are worried that the "buy American" executive order from President Trump could squeeze key innovators out of the market.

  • OMB chief Mick Mulvaney, shown here in as a member of Congress in 2013. (Photo credit Gage Skidmore/Flickr)

    White House taps old policies for new government makeover

    New guidance from OMB advises agencies to use shared services, GWACs and federal schedules for acquisition, and to leverage IT wherever possible in restructuring plans.

  • Shutterstock image (by Everett Historical): aerial of the Pentagon.

    What DOD's next CIO will have to deal with

    It could be months before the Defense Department has a new CIO, and he or she will face a host of organizational and operational challenges from Day One

  • USAF Gen. John Hyten

    General: Cyber Command needs new platform before NSA split

    U.S. Cyber Command should be elevated to a full combatant command as soon as possible, the head of Strategic Command told Congress, but it cannot be separated from the NSA until it has its own cyber platform.

  • Image from Shutterstock.

    DLA goes virtual

    The Defense Logistics Agency is in the midst of an ambitious campaign to eliminate its IT infrastructure and transition to using exclusively shared, hosted and virtual services.

  • Fed 100 logo

    The 2017 Federal 100

    The women and men who make up this year's Fed 100 are proof positive of what one person can make possibile in federal IT. Read on to learn more about each and every winner's accomplishments.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group