New Data Breach Rules for Defense Contractors


The Pentagon has posted new regulations in the Federal Register on data breach notification.  In part these new rules require defense contractors to:

  report cyber incidents that result in an actual or potentially adverse effect on a covered contractor information system or covered defense information residing therein, or on a contractor’s ability to provide operationally critical support.

The regulations implement statutory language in the National Defense Authorization Act of 2013 requiring data breach notification.  The regs also implement Defense Department (DoD) policy for the use of cloud computing services including getting prior approval from DoD before utilizing cloud services.

See:  Defense Federal Acquisition Regulation Supplement: Network Penetration Reporting and Contracting for Cloud Services (DFARS Case 2013-D018)

Leave a Reply