DOD proposes systems security amendment to DFARS

The Defense Department plans to remind its acquisition workers that they must adhere to two new policies for securing systems and networks.

DOD acquisition officials need to comply with directives 8500.1 and 8500.2 when buying technology, according to a proposed amendment to the Defense Federal Acquisition Regulation Supplement that addresses information assurance requirements related to IT acquisition.

Both directives implement the National Security Telecommunications and Information Systems Security Committee's Policy No. 11, which requires information assurance be added to all Defense systems used to enter, process, display or transmit national security information.

'For all acquisitions, the requiring activity is responsible for providing to the contracting officer statements of work, specifications or statements of objectives that meet information assurance requirements,' said the proposal, which the department released Friday.

The directives also require that vendors provide or use IT that has been accredited as meeting the appropriate requirements. Vendors must submit documentation proving accreditation.

The government can choose to 'conduct additional tests to ensure that IT delivered under a contract satisfies the information assurance standards,' the amendment added.

Directive 8500.2, released in February, is the second part of a strategy to address the changing systems security needs within the department. DOD issued the first part, 8500.1, in October. The directives create a framework for DOD to follow to protect its information systems.

The policies cover several areas, including access control and firewall protection. They also place Defense systems in four categories:

  • Automated applications enclaves, which include networks

  • Outsourced IT

  • Platform IT interconnections, such as weapons systems

  • Sensors.

  • DOD will accept comments about the proposed amendment until July 22.


    • Records management: Look beyond the NARA mandates

      Pandemic tests electronic records management

      Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

    • boy learning at home (Travelpixs/

      Tucson’s community wireless bridges the digital divide

      The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

    Stay Connected