Hello, Guest!

Defense Contractors will be Held to Higher Cyber Standards


Defense contractors will soon be held to the same cybersecurity standards that the Defense Department has implemented  in recent years, according to a top IT official at the Pentagon.

œThe cyberthreat is not going away; we have to defend our networks and systems, and you™re part of that defense, acting DOD CIO John Zangardi said Friday. œDOD is facing the same threats that you are. And with these regulations, we are asking to implement some of the same defenses as we are implementing for the department™s networks.

œSafeguarding Covered Defense Information and Cyber Incident Reporting,a new DOD regulation, will go into effect for how contractors respond to and report cyber incidents., and defense contractors have until the end of calendar year 2017 to begin complying.

At an event for vendors that work with DOD, Zangardi said that the updated regulations will be “critical” for ensuring the safety of “information we put out there, that you receive or that you develop in support of DOD™s warfighting mission is protected.

œWe can™t expect anything less in this current environment,” he added. œThis is the thing that gets us to where we want to be in terms of protecting our data.”

œProtecting this information saves warfighter lives, he said.

Defense information is œunclassified controlled technical information or other information as described in the National Archive and Records Administration™s Controlled Unclassified Information (CUI) Registry œthat requires safeguarding or dissemination controls pursuant to and consistent with law, regulations, and Government wide policies,” according to a new acquisition regulation final rule passed in October 2016.

Contractors will be expected to at minimum comply with the National Institute of Standards and Technology’s Special Publication 800-171, œProtecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations for information held on their networks or systems, and follow cybersecurity guidance on multifactor authentication and cyber-incident response.

 

Video of the Day