This CLE webinar will examine and explain the recently released Department of Defense (DoD) interim rule, Safeguarding Covered Defense Information and Cyber Incident Reporting, and its implications for government contractors and subcontractors. The panel will outline expanded requirements for contractor information system security, cyber incident reporting and the use of cloud computing services, and suggested next steps to ensure compliance.
On Aug. 26, 2015, the DoD released an interim rule implementing certain provisions of the 2013 and 2015 National Defense Authorization Acts. The rule, effective immediately for DoD contractors and subcontractors of all sizes, significantly expands contractors' cybersecurity responsibilities and accountability. It outlines contractor information system security requirements, "cyber incident" reporting mandates, and cloud computing standards and procedures.
Under the rule, contractors must provide "adequate security" for "covered defense information." The rule also requires contractors to report "cyber incidents" involving "covered defense information" within 72 hours of discovery. In addition, the rule implements new policies and procedures for contractors using cloud computing services to ensure uniform application of cloud services across all DoD contractors and subcontractors.
DoD is accepting comments on the interim rule until Oct. 26, 2015. Counsel representing DoD contractors and subcontractors must understand the new requirements and their implications in order to prepare their clients to comply with the expanded duties and obligations, as well as to provide advice on submitting comments.
Listen as our authoritative panel of government contracts attorneys discusses the impact of the new DoD cybersecurity rule for contractors and subcontractors and compliance best practices.