DOD has issued new cyber incident reporting requirements on its contractors and subcontractors (see below) that include flow-down liability for sub-tier contractors. The effort is aimed at protecting DoD’s supply chain and its resident sensitive data related to intellectual property, manufacturing capacity and capability and product/platform integrity. Is anyone experiencing technical implementation challenges with the new rules in terms of new protocols and controls required to meet the mandate? In particular, how are IoT and cloud technologies (leveraged for enhanced manufacturing) presenting security challenges that make meeting the new protocols more difficult?

https://www.reedsmith.com/en/perspectives/2017/03/dfars-safeguarding-covered-defense-information-and

DFARS 252.204-7012 requires cyber incident reporting when a contractor or subcontractor discovers that actions taken through the use of computer networks have resulted in a compromise or an actual or potentially adverse effect on a covered IT system and/or the covered defense information residing within that covered IT system. The regulation provides a detailed process for investigating and reporting the cyber incident to the DoD and the prime contractor (or next higher-tier subcontractor). In order to report cyber incidents, DoD contractors if they have not already done so, must obtain a DoD-approved medium assurance certificate.

• This topic was modified 7 months, 2 weeks ago by  jreade.
• This topic was modified 7 months, 2 weeks ago by  jreade. Reason: Changed link to open in new Tab

Topic