From: Washington Post/Capital Business
Contracting advocates say the final version of Pentagon regulations governing how to protect unclassified information housed on contractor systems is much narrower and clearer than an earlier version of the rule that had generated concerns.
The regulation requires companies to take precautions to secure certain data and report cyber intrusions that result in the loss of certain unclassified Pentagon information.
But the new version limits the covered information to unclassified controlled technical information, meaning technical data, computer software and other technical information, rather than a much broader set of information.
“This does apply to all contractors at all levels of subcontracting,” said Ronald D. Lee, a partner who specializes in government contracting and national security at Arnold & Porter. “It’s something that the entire contractor base needs to sit up and be aware of.”
The Defense Department’s top acquisition official last month said the rule will help ensure that adversaries don’t have access to the military’s technical information.
“Defense contractors throughout the department’s supply chain have been targeted by cyber criminals attempting to steal unclassified technical data,” Frank Kendall said in a statement. “We cannot continue to give our potential adversaries the benefits in time and money they obtain by stealing this type of information.”
Contracting advocates and attorneys had criticized an earlier version of the regulation, arguing it was far too vague and would create a significant cost burden for companies.
Leave a Reply