View Rule
View EO 12866 Meetings | Printer-Friendly Version Download RIN Data in XML |
DOD/DARC | RIN: 0750-AI61 | Publication ID: Spring 2016 |
Title: Network Penetration Reporting and Contracting for Cloud Services (DFARS Case 2013-D018) | |
Abstract:
DoD is issuing a final rule amending the Defense Federal Acquisition Regulation Supplement (DFARS) to implement section 941 of the National Defense Authorization Act (NDAA) for Fiscal Year (FY) 2013 and section 1632 of the NDAA for FY 2015, both of which require contractor reporting on network penetrations. Section 941 requires cleared defense contractors to report penetrations of networks and information systems and allows DoD personnel access to equipment and information to assess the impact of reported penetrations. Section 1632 requires that a contractor designated as operationally critical must report each time a cyber-incident occurs on that contractor’s network or information systems. The rule requires contractors and subcontractors to report cyber incidents that result in an actual or potentially adverse effect on a covered contractor information system or covered defense information residing therein, or on a contractor's ability to provide operationally critical support. This rule also implements policy on the purchase of cloud computing services. DoD expects this rule may have a significant economic impact on a substantial number of small entitite. The revisions to this rule will be reported in future status updates as part of DoD's retrospective plan under Executive Order 13563, completed in August 2011. DoD's full plan can be accessed at: http://www.regulations.gov/#!docketDetail;D=DOD-2011-OS-0036. |
|
Agency: Department of Defense(DOD) | Priority: Other Significant |
RIN Status: Previously published in the Unified Agenda | Agenda Stage of Rulemaking: Final Rule Stage |
Major: No | Unfunded Mandates: No |
CFR Citation: 48 CFR 202 48 CFR 204 48 CFR 212 48 CFR 239 48 CFR 252 ... (To search for a specific CFR, visit the Code of Federal Regulations.) | |
Legal Authority: 41 U.S.C.1303 41 U.S.C. 1707 Pub. L. 112-239, sec. 941 Pub. L. 113-291, sec. 1632 |
Legal Deadline:
None |
||||||||||||||||||||||||||||||
Timetable:
|
Regulatory Flexibility Analysis Required: No | Government Levels Affected: Federal |
Small Entities Affected: Businesses | Federalism: No |
Included in the Regulatory Plan: Yes | |
RIN Data Printed in the FR: No | |
Agency Contact: Jennifer Hawes Defense Acquisition Regulations System Department of Defense 3060 Defense Pentagon, Room 3B941, Washington, DC 20301-3060 Phone:571 372-6115 Email: jennifer.l.hawes2.civ@mail.mil |