DoD Seeks to Amend DFARS to Include Cybersecurity Requirements for Contractors

Photo: Sergey Minaev

A proposed rule published yesterday would require government contractors whose information systems contain unclassified Defense Department information to protect that information from hackers and notify DoD of any breaches, Federal Computer Weeks reports.

DoD wants to add a new clause to the Defense Federal Acquisition Regulation Supplement to deal with the handling of unclassified information, a Federal Register notice said. Currently, the DFARS does not address the safeguarding of unclassified DoD information within industry, nor does it address cyber intrusion reporting for that information, the notice said.

The  proposed rule would implement adequate security measures to protect unclassified DoD information within contractor information systems from unauthorized access and disclosure, the notice said, and require contractors to notify DoD about “certain cyber intrusion events” that have an impact on DoD information resident on or moving through contractor unclassified information systems.

DoD invites comments from small businesses and other interested parties on the expected impact of this rule on small entities. Comments are due Aug. 29.

Related posts:

1. NIST Seeks Comments on Cybersecurity, Innovations and Internet Economy Report
2. NIST Seeks Input on Overhauled Catalog for Federal Information Systems
3. Bipartisan Cyber Legislation To Include Increased Emphasis on Training and Certification, Ditch Presidential Emergency Powers
4. CSC Wins $30 Million Air Force Cybersecurity Deal
5. DHS Seeks Cyber Warrior Interns