Home / News / Defense Contractors will be Held to Higher Cyber Standards

Defense Contractors will be Held to Higher Cyber Standards

Defense contractors will soon be held to the same cybersecurity standards that the Defense Department has implemented  in recent years, according to a top IT official at the Pentagon.

“The cyberthreat is not going away; we have to defend our networks and systems, and you’re part of that defense,” acting DOD CIO John Zangardi said Friday. “DOD is facing the same threats that you are. And with these regulations, we are asking to implement some of the same defenses as we are implementing for the department’s networks.”

“Safeguarding Covered Defense Information and Cyber Incident Reporting,”a new DOD regulation, will go into effect for how contractors respond to and report cyber incidents., and defense contractors have until the end of calendar year 2017 to begin complying.

At an event for vendors that work with DOD, Zangardi said that the updated regulations will be “critical” for ensuring the safety of “information we put out there, that you receive or that you develop in support of DOD’s warfighting mission is protected.”

“We can’t expect anything less in this current environment,” he added. “This is the thing that gets us to where we want to be in terms of protecting our data.”

“Protecting this information saves warfighter lives,” he said.

Defense information is “unclassified controlled technical information or other information” as described in the National Archive and Records Administration’s Controlled Unclassified Information (CUI) Registry “that requires safeguarding or dissemination controls pursuant to and consistent with law, regulations, and Government wide policies,” according to a new acquisition regulation final rule passed in October 2016.

Contractors will be expected to at minimum comply with the National Institute of Standards and Technology’s Special Publication 800-171, “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations” for information held on their networks or systems, and follow cybersecurity guidance on multifactor authentication and cyber-incident response.

 

Check Also

NGA Deputy Director Stacey Dixon Receives 2020 Wash100 Award From Jim Garrettson, CEO of Executive Mosaic

Jim Garrettson, found and CEO of Executive Mosaic, presented Dr. Stacey Dixon, deputy director of the National Geospatial-Intelligence Agency (NGA), her first Wash100 Award as a part of the 2020 selection on Wednesday

Teresa Carlson, AWS Worldwide Public Sector VP, Named to 2020 Wash100 for Cloud Innovation, Business Expansion and New Educational Platforms

Executive Mosaic is honored to present Teresa Carlson, vice president of the worldwide public sector business at Amazon Web Services, as an inductee into the 2020 edition of the Wash100 Award for driving cloud innovation, expanding AWS' influence and advocating for cloud computing education within Virginia schools.