WASHINGTON (CN) – The Department of Defense plans to make changes to the Defense Federal Acquisition Regulation Supplement to address requirements for the safeguarding of unclassified information.
The changes would add a new subpart and associated contract clauses for the protection, proper handling and cyber intrusion reporting of unclassified Defense Department information within industry.
One clause would require contractors to protect Defense information from unauthorized disclosure, loss, or exfiltration by employing basic information technology security measures. The other would require enhanced information technology security measures applicable to encryption of data for storage and transmission, network protection and intrusion detection, and cyber intrusion reporting.
The department requests input from government and industry regarding “best practices” for protecting networks and data, experience with any of the proposed safeguards, and an evaluation of its value. A public meeting is planned for April.