Home / News / Defense Contractors will be Held to Higher Cyber Standards

Defense Contractors will be Held to Higher Cyber Standards

Defense contractors will soon be held to the same cybersecurity standards that the Defense Department has implemented  in recent years, according to a top IT official at the Pentagon.

“The cyberthreat is not going away; we have to defend our networks and systems, and you’re part of that defense,” acting DOD CIO John Zangardi said Friday. “DOD is facing the same threats that you are. And with these regulations, we are asking to implement some of the same defenses as we are implementing for the department’s networks.”

“Safeguarding Covered Defense Information and Cyber Incident Reporting,”a new DOD regulation, will go into effect for how contractors respond to and report cyber incidents., and defense contractors have until the end of calendar year 2017 to begin complying.

At an event for vendors that work with DOD, Zangardi said that the updated regulations will be “critical” for ensuring the safety of “information we put out there, that you receive or that you develop in support of DOD’s warfighting mission is protected.”

“We can’t expect anything less in this current environment,” he added. “This is the thing that gets us to where we want to be in terms of protecting our data.”

“Protecting this information saves warfighter lives,” he said.

Defense information is “unclassified controlled technical information or other information” as described in the National Archive and Records Administration’s Controlled Unclassified Information (CUI) Registry “that requires safeguarding or dissemination controls pursuant to and consistent with law, regulations, and Government wide policies,” according to a new acquisition regulation final rule passed in October 2016.

Contractors will be expected to at minimum comply with the National Institute of Standards and Technology’s Special Publication 800-171, “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations” for information held on their networks or systems, and follow cybersecurity guidance on multifactor authentication and cyber-incident response.

 

Check Also

Cybercom Taps Recorded Future for Threat Analysis Service

Recorded Future has landed a $50M production-other transaction agreement with U.S. Cyber Command  to help federal customers analyze threats in real time. The company said Thursday it will also produce commercial threat reports to aid Cybercom personnel in managing and securing the Department of Defense Information Network.

Lockheed Lands $233M Navy Missile Launcher Component Supply Contract

The U.S. Navy has awarded Lockheed Martin (NYSE: LMT) a potential five-year, $233M contract to provide  missile launcher modules to the service branch and three countries to fullfill foreign military sales requirements.