July 8 2011 Copyright 2011 Business Research Services Inc. 301-229-5561 All rights reserved.
Defense Contract Awards Procurement Watch Links to Prior Issues |
Teaming Opportunities Recently Certified 8(a)s |
Recent 8(a) Contract Awards Washington Insider Calendar of Events |
Defense Wants New Safeguards for Unclassified Data A proposed rule would require many small defense contractors to beef up their cybersecurity protection. According to the notice in the June 28 Federal Register, the Defense Department wants “a basic and an enhanced level of information protection” by all contractors that handle unclassified government information. Contractors would be required to report to the government on any intrusion into their computer systems. The department estimates the average cost to a small business would be around 0.5% of revenues. It expects nearly 49,000 small contractors would be subject to the new requirements, about three-fourths of the small firms that do business with DOD. In a comment during the rulemaking process, the Aerospace Industries Association raised concerns about the cost of compliance. The requirements would apply to contractors that handle information that is: •designated critical or critical program information;
At a minimum, contractors must employ anti-virus, anti-spyware protection that is regularly updated and must comply with the security controls recommended by the National Institute of Standards, available in NIST publication SP 800-53, “Recommended Security Controls for Federal Information Systems and Organizations’’ (http://csrc.nist.gov/publications/PubsSPs.html). “The objective of this rule is for DOD to avoid compromise of unclassified computer networks on which DOD information is resident on or transiting through contractor information systems, and to prevent the exfiltration of DOD information on such systems,” the Defense Acquisition Regulation Council said. The proposed rule is DFARS Case 2011-D039. Comments are due Aug. 29.
|