Enhance cybersecurity awareness and survivability for DoD, industry partners, and academia in the face of the ever-increasing threat of cyber attacks. Cybersecurity (CS) includes managing risks related to the use, processing, storage, and transmission of information and the systems and processes used for those purposes, including analog and physical form. CS includes information availability, identification and authentication, confidentiality, integrity, and non-repudiation as well as the economic considerations with respect to selection of CS techniques, CS processes, and industry trends.
Supply chain security
DoD has issued new cyber incident reporting requirements on its contractors and subcontractors (see below) that include flow-down liability for sub-tier contractors. The effort is aimed at protecting DoD’s supply chain and its resident sensitive data related to intellectual property, manufacturing capacity and capability, and product/platform integrity. Is anyone experiencing technical implementation challenges with the new rules in terms of new protocols and controls required to meet the mandate? In particular, how are IoT and cloud technologies (leveraged for enhanced manufacturing) presenting security challenges that make meeting the new protocols more difficult?
DFARS 252.204-7012 requires cyber incident reporting when a contractor or subcontractor discovers that actions taken through the use of computer networks have resulted in a compromise or an actual or potentially adverse effect on a covered IT system and/or the covered defense information residing within that covered IT system. The regulation provides a detailed process for investigating and reporting the cyber incident to the DoD and the prime contractor (or next higher-tier subcontractor). In order to report cyber incidents, DoD contractors, if they have not already done so, must obtain a DoD-approved medium assurance certificate.