The Contracting Education Academy

Contracting Academy Logo
  • Home
  • Training & Education
  • Services
  • Contact Us
You are here: Home / Government Contracting News / DOD considers adding security to acquisition regs

July 20, 2011 By AMK

DOD considers adding security to acquisition regs

The Defense Department has proposed changes to its acquisition rules that would specify minimum levels of security that contractors must provide for sensitive but unclassified DOD information in their systems.

The proposal, published in the June 29 Federal Register, would add new contract clauses to the Defense Federal Acquisition Regulations Supplement to address information security.

“The DFARS does not presently address the safeguarding of unclassified DOD information within industry, nor does it address cyber intrusion reporting for that information,” the Federal Register notice states. The changes would define classes of covered information and outline two levels of required security for them.

Basic safeguarding would require implementation of “first-level protection measures” to “deter unauthorized disclosure, loss or exfiltration.” These measures would include not processing or posting government information on public computers, transmitting it only with the “best level of security and privacy available,” and using intrusion protection.

Enhanced safeguards would include the encryption of data for storage and transmission, network protection and intrusion detection, and cyber intrusion reporting. The enhanced level would require, at a minimum, the controls specified by the National Institute of Standards and Technology in Special Publication 800-53, “Recommended Security Controls for Federal Information Systems and Organizations,” which outlines requirements for civilian agencies under the Federal Information Security Management Act.

Comments on the proposed rules should be submitted by Aug. 29 through the Federal eRulemaking Portal, by e-mail to dfars@osd.mil with “DFARS Case 2011–D039” in the subject line, by fax to 703–602–0350, or by mail to Defense Acquisition Regulations System, Attn: Mr. Julian Thrash, OUSD(AT&L)DPAP(DARS), Room 3B855, 3060 Defense Pentagon, Washington, DC 20301–3060.

— About the Author: William Jackson is a senior writer for Government Computer News and the author of the CyberEye column.  Published 7/8/11 at http://gcn.com/articles/2011/07/11/cybereye-box-dfars-reg.aspx?s=gcndaily_110711

Filed Under: Government Contracting News Tagged With: acquisition strategy, DFARS, DoD, security

Popular Topics

abuse acquisition reform acquisition strategy acquisition training acquisition workforce Air Force Army AT&L bid protest budget budget cuts competition cybersecurity DAU DFARS DHS DoD DOJ FAR fraud GAO Georgia Tech GSA GSA Schedule GSA Schedules IG industrial base information technology innovation IT Justice Dept. Navy NDAA OFPP OMB OTA Pentagon procurement reform protest SBA sequestration small business spending technology VA
Contracting Academy Logo
75 Fifth Street, NW, Suite 300
Atlanta, GA 30308
info@ContractingAcademy.gatech.edu
Phone: 404-894-6109
Fax: 404-410-6885

RSS Twitter

Search this Website

Copyright © 2023 · Georgia Tech - Enterprise Innovation Institute