From: Lexology

Harry L. Clark and Aravind Swaminathan | Orrick, Herrington & Sutcliffe LLP

Overview

The United States Department of Defense (“DoD”) recently published two new rules that impose broader obligations to safeguard information that falls within specified categories of sensitive data and to report cyber incidents to the government.  These rules generally apply to companies that have been awarded new DoD procurement contracts, that hold subcontracts under such DoD contracts, or, in some cases, that have been awarded other types of agreements with DoD.  The rules:

  • expand contractors’ and subcontractors’ safeguarding responsibilities and obligations to report and investigate cyber threats;
  • modify the scope of data that contractors and subcontractors must safeguard and the universe of contractors and subcontractors to which the requirements apply;

Read Complete Article