DoD has announced an amendment to the Defense Federal Acquisition Supplement that will require defense contractors to incorporate established information security standards on their unclassified networks, and to report cyber-intrusion incidents that result in the loss of unclassified “controlled” technical information from them.
The department said a wide range of defense contractors have been targeted by cyber criminals attempting to steal unclassified technical data and that the new standards are an essential step – one of many follow-on actions to an October 10 memo calling for stronger protections of unclassified controlled technical information (involving defense systems requirements, concepts of operations, technologies, designs, engineering, production and manufacturing capabilities).
The amendment applies to all new contracts that will use or generate technical information and can be found here: http://www.regulations.gov/#!documentDetail;D=DARS_FRDOC_0001-0658