This DFARS case implements the
tracking and reporting of incursions on contractor information
technology networks that process DoD information. The purpose is to
assess the methods of loss, to better understand the impact of a
loss, to facilitate sharing and collaboration, and to standardize
procedures for tracking and reporting network intrusions.
The Office of the
Assistance Secretary of Defense for Acquisition, Technology and
Acquisition (OASD(AT&L) Defense Procurement and Acquisition
Policy (DPAP) / Defense Acquisition Regulations System (DARS) is
submitting the subject requirement for emergency review and
approval. This action is necessitated due to the increased
attention to cyber security related issues, highlighted by
legislation such as section 941, ?Reports to Department of Defense
on penetrations of networks and information systems of certain
contractors,? of the National Defense Authorization Act for Fiscal
Year 2013. Defense Federal Acquisition Regulation Supplement
(DFARS) final rule 2011-D039, entitled Safeguarding Unclassified
Controlled Technical Information implements controls to safeguard
unclassified controlled technical information and imposes new
information collection requirements on DoD contractors. This
information collection has been assigned OMB control number
0704-0478. There have previously been two public comment periods
for this final rule, in a 2010 advanced notice of proposed
rulemaking (ANPR) and a 2011 Proposed Rule. DoD has revised the
rule in response to public concerns and effectively narrowed the
rule to the minimum requirements acceptable to DoD. Absent
implementation of this final rule, DoD will continue to lack the
means to implement consistent information security controls across
DoD contracts, leading to burdensome, inconsistent requirements for
Defense contractors. This is part of DoD?s effort to enhance the
protection of DoD information. Finally, this rule also partially
implements the NDAA for FY2013 section 941 requirement to mandate
contractor reporting of information created by or for DoD that has
been potentially compromised by a penetration of a contractor
network. OUSD(AT&L) DPAP/DARS has coordinated this submission
with the OMB Clearance Officer, Ms. Patricia Toppings.
Frederick Licari 571 372-0493
