WASHINGTON (CN) – The Defense Department plans to address requirements for safeguarding unclassified defense industry information.
Proposed changes to the Defense Federal Acquisition Regulation Supplement would add a new subpart and associated contract clauses for the safeguarding, proper handling and cyber intrusion reporting of unclassified Defense Department information within industries that contract to supply the military.
One clause would require contractors to protect defense information from unauthorized disclosure, loss, or exfiltration by employing basic information technology security measures. The other would require enhanced information technology security measures applicable to encryption of data for storage and transmission, network protection and intrusion detection, and cyber intrusion reporting.
The department requests input from government and industry regarding “best practices” for protecting networks and data, experience with any of the proposed safeguards, and an evaluation of its value. A public meeting is planned for April.