|View EO 12866 Meetings||Printer-Friendly Version Download RIN Data in XML|
|DOD/OS||RIN: 0790-AJ29||Publication ID: Fall 2016|
|Title: Department of Defense (DoD)-Defense Industrial Base (DIB) Cybersecurity (CS) Activities|
The final rule responded to public comments to the interim final rule published on October 2, 2015. The rule implemented statutory requirements for DoD contractors and subcontractors to report cyber incidents that result in an actual or potentially adverse effect on a covered contractor information system or covered defense information residing therein, or on a contractor's ability to provide operationally critical support.
The mandatory reporting applies to all forms of agreements between DoD and DIB companies (contracts, grants, cooperative agreements, other transaction agreements, technology investment agreements, and any other type of legal instrument or agreement). The revisions are part of DoD's effects to establish a single reporting mechanism for such cyber incidents on unclassified DoD contractor networks or information systems. Reporting under this rule does not abrogate the contractor's responsibility for any other applicable cyber incident reporting requirement. Cyber incident reporting involving classified information on classified contractor systems will be in accordance with the National Industrial Security Program Operating Manual (DoD-M 5220.22 (http://dtic.mil/whs/directives/corres/pdf/522022M.pdf).
The rule also addressed the voluntary DIB CS information sharing program that is outside the scope of the mandatory reporting requirements. By modifying the eligibility critiera for the DIB CS program, the rule enabled greater participation in the voluntary program. Expanding participation in the DIB CS program is part of DoD's comprehensive approach to counter cyber threats through information sharing between the Government and DIB participants.
|Agency: Department of Defense(DOD)||Priority: Other Significant|
|RIN Status: Previously published in the Unified Agenda||Agenda Stage of Rulemaking: Final Rule Stage|
|Major: No||Unfunded Mandates: No|
|EO 13771 Designation: uncollected|
|CFR Citation: 32 CFR 236|
|Legal Authority: 10 U.S.C. 391 10 U.S.C. 393 10 U.S.C. 2224 44 U.S.C. 3506 44 U.S.C. 3544 50 U.S.C. 3330|
|Regulatory Flexibility Analysis Required: No||Government Levels Affected: None|
|Small Entities Affected: No||Federalism: No|
|Included in the Regulatory Plan: No|
|RIN Data Printed in the FR: No|
Vicki D. Michetti
Director Policy and Partnerships, DoD CIO
Department of Defense
Office of the Secretary
6000 Defense Pentagon, Room 3D1048,
Washington, DC 20301-6000