New Rules Signal Cybersecurity as Priority for Government and Contractors

January 06, 2014, 10:44 AM

The Department of Defense (DoD) issued two rules at the end of 2013 that reflect the Governments growing concern for cybersecurity in the acquisition process. A final rule amending the Defense Federal Acquisition Regulation Supplement (DFARS) aims to safeguard unclassified, controlled technical information (UCTI). 78 Fed. Reg. 69873, 11/18/13. The rule requires contractors to file a report with DoD within 72 hours of discovering a cyber incident that affects UCTI. The rule also requires contractors to provide adequate security to safeguard UCTI from compromise. Contractors must implement security controls under standards issued by the National Institute of Standards and Technology. A second interim rule authorizes the DoD to consider the impact of supply chain risk in certain procurements related to national security systems. Under the rule, the DOD can exclude from its procurement sources a contractor which fails to meet supply chain risk qualification standards or fails to achieve an acceptable rating for supply chain risk. 78 Fed. Reg. 69268, 11/18/13. For more information, please contract Karla J. Soloria.