Federal Register | Defense Federal Acquisition Regulation Supplement; Safeguarding Unclassified DoD Information (DFARS Case 2011-D039)

Federal Register | Defense Federal Acquisition Regulation Supplement; Safeguarding Unclassified DoD Information (DFARS Case 2011-D039)

The DFARS does not presently address the safeguarding of unclassified DoD information within industry, nor does it address cyber intrusion reporting for that information. DoD published an Advance Notice of Proposed Rulemaking (ANPR), and notice of public meeting in the Federal Register at 75 FR 9563 on March 3, 2010, to provide the public an opportunity for input into the initial rulemaking process. The ANPR addressed basic and enhanced safeguarding procedures for the protection of DoD information.Show citation box

The purpose of this proposed DFARS rule is to implement adequate security measures to safeguard unclassified DoD information within contractor information systems from unauthorized access and disclosure, and to prescribe reporting to DoD with regard to certain cyber intrusion events that affect DoD information resident on or transiting through contractor unclassified information systems. This rule addresses the safeguarding requirements specified in Executive Order 13556, Controlled Unclassified Information. On-going efforts, currently being led by the National Archives and Records Administration regarding controlled unclassified information, may also require future DFARS revisions in this area. This case does not address procedures for Government sharing of cyber security threat information with industry; this issue will be addressed separately through follow-on rulemaking procedures as appropriate.Show citation box

This proposed rule addresses basic and enhanced safeguarding requirements, including cyber incident reporting,