View Rule
View EO 12866 Meetings | Printer-Friendly Version Download RIN Data in XML |
DOD/OS | RIN: 0790-AK86 | Publication ID: Fall 2022 |
Title: Department of Defense (DoD)-Defense Industrial Base (DIB) Cybersecurity (CS) Activities | |
Abstract:
The DIB CS Program currently provides cyber threat information to cleared defense contractors. Proposed revisions would allow all defense contractors who process, store, develop, or transit DoD controlled unclassified information to be eligible for the program and to receive cyber threat information. Expanding participation will allow a broader community of defense contractors to participate in the DIB CS Program and is in alignment with the National Defense Strategy. |
|
Agency: Department of Defense(DOD) | Priority: Other Significant |
RIN Status: Previously published in the Unified Agenda | Agenda Stage of Rulemaking: Proposed Rule Stage |
Major: No | Unfunded Mandates: No |
CFR Citation: 32 CFR 236 | |
Legal Authority: 10 U.S.C. 391 10 U.S.C. 2224 44 U.S.C. 3541 10 U.S.C. 393 |
Legal Deadline:
None |
||||||
Statement of Need: The unauthorized access and compromise of DoD unclassified information and operations poses an imminent threat to U.S. national security and economic security interests and contractors are being targeted on a daily basis. Many of these contractors are small and medium size contractors that can benefit from partnering with DoD to enhance and supplement their cybersecurity capabilities. |
||||||
Summary of the Legal Basis: This revised regulation supports the Administration’s effort to promote public-private cyber collaboration by expanding eligibility for the DIB CS voluntary cyber threat information sharing program to all defense contractors. This regulation aligns with DoD’s statutory responsibilities for cybersecurity engagement with those contractors supporting the Department. |
||||||
Alternatives: (1) No action alternative: Maintain status quo with the ongoing voluntary cybersecurity program for cleared contractors. (2) Next best alternative: DoD posts generic cyber threat information and cybersecurity best practices on a public accessible website without directly engaging participating companies.
|
||||||
Anticipated Costs and Benefits: Participation in the voluntary DIB CS Program enables DoD contractors to access Government Furnished Information and collaborate with the DoD Cyber Crime Center (DC3) to better respond to and mitigate cyber threats. In order to join the DIB CS Program, there is an initial labor burden to apply to the program and provide point of contact information which is estimated to take 20 minutes per company. In addition, there is a cost for defense contractors to voluntarily share cyber indicator information. DoD estimates that each response will take a respondent two hours to complete. The costs are under review as part of 0704-0489 and 0704-0490. For DIB participants, this program provides cyber threat information and technical assistance through analyst-to-analyst exchanges, mitigation and remediation strategies, and cybersecurity best practices in a collaborative environment for participating companies.
|
||||||
Risks: Threats to unclassified information systems represent a risk of compromise of DoD information and mission. This threat is particularly acute for small and medium size companies with less mature cybersecurity capabilities. Through collaboration with DoD and the sharing with other contractors in the DIB CS Program, defense contractors will be better prepared to mitigate the cyber risk they face today and in the future. |
||||||
Timetable:
|
Regulatory Flexibility Analysis Required: No | Government Levels Affected: Federal |
Small Entities Affected: No | Federalism: No |
Included in the Regulatory Plan: Yes | |
RIN Data Printed in the FR: No | |
Agency Contact: McKay Tolboe Director, Cybersecurity Policy and Partnerships CIO Department of Defense Office of the Secretary 4800 Mark Center, Alexandria, VA 22311 Phone:571 372-4640 Email: mckay.r.tolboe.civ@mail.mil |