Predictably, the biggest impact will be on small businesses. On June 29, 2011 the Department of Defense (D0D) proposed revisions to the Defense Federal Acquisition Regulation Supplement (DFARS)that will require defense contractors to protect unclassified DoD information and to report any “cyber attacks”. The proposed rule is in response to Executive Order 13556 dated November 4, 2010 that requires Executive Agencies to develop and implement a program designed to prevent the unauthorized dissemination of “controlled but unclassified” information.
DoD will require contractors to implement “basic safeguarding” or “enhanced safeguarding” depending on the nature of the information. Enhanced safeguarding will require contractors to notify DoD within 72 hours after discovery of a “cyber incident”. DoD does not believe compliance with the basic safeguarding requirements will be costly as most companies already have such data protections in place. On the other hand, information subject to enhanced safeguarding will require more sophisticated protections. While many large business have already implemented such enhanced data security practices may small companies have not. DoD estimates that approximately 75% of their small business contractors hold information that will be subject to enhanced protection and that most of them will incur additional costs in order to meet the new more stringent data security requirements.
In view of the impending regulations, contractors should review their information technology safeguards to determine if they will comply with the new standards. Contractors should also closely monitor these new requirements during the rule making process and submit comments as appropriate. Comments on the proposed rule are due by August 29, 2011. Please see Venable LLC’s excellent post on this subject for more details including definitions.
Leave a comment
You must be logged in to post a comment.
What We Are Writing
- A Marriage of Inconvenience: GSA Schedule Contracts & The Contractor Code of Business Ethics & Conduct Clause
- Emerging Small Businesses: To Grow Your Business, You Must Plan For Growth
- Government Contracting: Look Before You Leap!
- GSA Schedules – Strategies for Success
- New Employee vs. Independent Contractor Considerations
- Pay on Display – Understanding the Executive Compensation and Subcontractor Data Reporting Requirements & Ramifications
- The GSA Schedule: Your Ticket to the Federal Market (May 2010)
- The New FAR Codes of Conduct and Compliance Program Provisions
- The Seven Deadly Sins (of contract compliance)