From: Inside Counsel
Contractors and counsel can help mitigate risk through a true understanding of a company’s source of supply
By David Fagan, Susan Cassidy, Caitlin Meade
The cybersecurity landscape
Through the launch of the Comprehensive National Cybersecurity Initiative (CNCI) in early 2008, the U.S. Government recognized the vulnerability of the nation’s information and communication technology (ICT) to cyber intrusions and attacks. Despite this early recognition, there are still no comprehensive government-wide requirements for addressing cybersecurity risks. Instead, a patchwork of individual regulations and guidance has emerged, led primarily by the Department of Defense (DoD), the Department of Homeland Security (DHS) and the National Institute of Standards and Technology (NIST). The piecemeal regulations that do exist often place much of the burden—and much of the additional risk—on government contractors.
The DoD has been at the forefront of these cybersecurity efforts, promulgating, for example, DFARS 252.204-7012, Safeguarding Unclassified Controlled Technical Information (UCTI), which imposes safeguarding and reporting requirements on contractors that have UCTI resident on or transiting through their information systems, and DFARS 246.870, Detection and Avoidance of Counterfeit Electronic Parts, which focuses on traditional manufacturing supply chain concerns, such as counterfeit or nonconforming parts.