DOD proposes new cybersecurity requirements for contractors

Changes to acquisition regulation include notifying DOD of cyber breaches

Federal contractors whose information systems contain unclassified Defense Department information would have to safeguard that information from unauthorized access and notify DOD of any breaches under a proposed rule published today.

DOD wants to amend the Defense Federal Acquisition Regulation Supplement to add new clauses that deal with handling unclassified information, a Federal Register notice states. Public comments are due by Aug. 29.


Related stories:

Defense bill would include cyber warfare designations

Navy: Faster acquisition key to cyber defense


The proposed rule stipulates basic requirements for security that apply to information that is designated as critical program information, subject to export controls, exempt from mandatory public disclosure, bearing a designation of controlled access and dissemination, or personally identifiable, the notice states.

DOD officials believe the proposed rule could have an economic impact on more than 48,000 small businesses, but the extent would be less than 1 percent of revenue for each business, they said.

The rule would require contractors and subcontractors to provide adequate information security for unclassified DOD information held on their systems or moving through their systems.

Contractors must also report cyber incidents that affect the unclassified information, but those reports will not be taken as proof of failure to provide adequate security, the notice states.

“A cyber incident that is properly reported by the contractor shall not, by itself, be interpreted as evidence that the contractor has failed to provide adequate information safeguards for DOD unclassified information or has otherwise failed to meet the requirements of the clause,” the notice states.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.