Saturday, 7 November 2015

Expanding Cybersecurity Safeguarding Requirements, Reporting Obligations, and Cloud-Based Security: A Brief Guide to Understanding DoD’s Interim Rule for Contractors

The United States Department of Defense promulgated an “interim” rule, effective August 26, 2015, which placed imposing and costly burdens on all DoD contractors and subcontractors (including small businesses and commercial item contractors) in the areas of cybersecurity and cloud-based security. See 80 Fed. Reg. 51,739 (August 26, 2015). The public comment period ended in late October and reflects the frustrations and concerns many in the DoD contracting community are having in understanding and implementing its requirements.

What follows is a brief synopsis of said rule’s two key components: (1) safeguarding “covered defense information” and reporting cyber incidents; and (2) cloud computing. Although the changes are wide in scope, industry would be well-advised to also pay attention to: (1) the more precise 72-hour cyber incident reporting procedures (now found at DFARS 204.7302(a)(1) and clause 252.204-7012(c)); (2) the reporting requirements of all subcontractors (now found at DFARS 204.7302(a)(2)); and (3) the inclusion of new contractual clauses when covered defense information is at issue (now found at DFARS 204.7304).



from cyber security caucus http://ift.tt/1RE015O
via IFTTT
