New Data Breach Rules for Defense Contractors

FederalRegister

The Pentagon has posted new regulations in the Federal Register on data breach notification.  In part these new rules require defense contractors to:

  report cyber incidents that result in an actual or potentially adverse effect on a covered contractor information system or covered defense information residing therein, or on a contractor’s ability to provide operationally critical support.

The regulations implement statutory language in the National Defense Authorization Act of 2013 requiring data breach notification.  The regs also implement Defense Department (DoD) policy for the use of cloud computing services including getting prior approval from DoD before utilizing cloud services.

See:  Defense Federal Acquisition Regulation Supplement: Network Penetration Reporting and Contracting for Cloud Services (DFARS Case 2013-D018)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s