• DOD Seeks To Protect DOD Information On Unclassified Contractor Computer Systems
  • April 14, 2010 | Authors: Caitlin Keegan Cloonan; Steven S. Diamond; Ronald D. Lee; Nancy L. Perkins; Ronald A. Schechter
  • Law Firms: Arnold & Porter LLP - McLean Office ; Arnold & Porter LLP - Washington Office
  • The US Department of Defense (DOD) has proposed new rules to establish baseline requirements for safeguarding unclassified DOD information currently housed or transmitted on its contractors’ and subcontractors’ computer systems. On March 3, 2010, DOD issued an advance notice of proposed rulemaking (ANPR) and notice of public meeting. The ANPR discussed possible changes to the Defense Federal Acquisition Regulation Supplement (DFARS) that would add new requirements for the safeguarding and proper handling of unclassified DOD information. The proposed rules would apply to all DOD prime contractors and all subcontractors at any tier, regardless of the amount of the prime contract or subcontract. The rules would supplement and expand existing DOD regulations, directives, and contract requirements which obligate contractors to safeguard DOD information and Personally Identifiable Information (PII). Under the proposed rules, contractors and subcontractors would be required to provide adequate security to protect unclassified DOD information on their information systems. In addition, contractors and subcontractors would have to report cybersecurity breaches for certain kinds of information to DOD. Once the rule is finalized, these regulatory requirements will appear as DFARS provisions to be included in DOD solicitations and contracts. DOD may also revise existing contracts to incorporate these new requirements. www.arnoldporter.com