A proposed rule published yesterday would require government contractors whose information systems contain unclassified Defense Department information to protect that information from hackers and notify DoD of any breaches, Federal Computer Weeks reports.
DoD wants to add a new clause to the Defense Federal Acquisition Regulation Supplement to deal with the handling of unclassified information, a Federal Register notice said. Currently, the DFARS does not address the safeguarding of unclassified DoD information within industry, nor does it address cyber intrusion reporting for that information, the notice said.
The proposed rule would implement adequate security measures to protect unclassified DoD information within contractor information systems from unauthorized access and disclosure, the notice said, and require contractors to notify DoD about “certain cyber intrusion events” that have an impact on DoD information resident on or moving through contractor unclassified information systems.
DoD invites comments from small businesses and other interested parties on the expected impact of this rule on small entities. Comments are due Aug. 29.