DOD proposes systems security amendment to DFARS

The Defense Department plans to remind its acquisition workers that they must adhere to two new policies for securing systems and networks.

DOD acquisition officials need to comply with directives 8500.1 and 8500.2 when buying technology, according to a proposed amendment to the Defense Federal Acquisition Regulation Supplement that addresses information assurance requirements related to IT acquisition.

Both directives implement the National Security Telecommunications and Information Systems Security Committee's Policy No. 11, which requires information assurance be added to all Defense systems used to enter, process, display or transmit national security information.

'For all acquisitions, the requiring activity is responsible for providing to the contracting officer statements of work, specifications or statements of objectives that meet information assurance requirements,' said the proposal, which the department released Friday.

The directives also require that vendors provide or use IT that has been accredited as meeting the appropriate requirements. Vendors must submit documentation proving accreditation.

The government can choose to 'conduct additional tests to ensure that IT delivered under a contract satisfies the information assurance standards,' the amendment added.

Directive 8500.2, released in February, is the second part of a strategy to address the changing systems security needs within the department. DOD issued the first part, 8500.1, in October. The directives create a framework for DOD to follow to protect its information systems.

The policies cover several areas, including access control and firewall protection. They also place Defense systems in four categories:

  • Automated applications enclaves, which include networks

  • Outsourced IT

  • Platform IT interconnections, such as weapons systems

  • Sensors.

DOD will accept comments about the proposed amendment until July 22.

