DOD proposes systems security amendment to DFARS

The Defense Department plans to remind its acquisition workers that they must adhere to two new policies for securing systems and networks.

DOD acquisition officials need to comply with directives 8500.1 and 8500.2 when buying technology, according to a proposed amendment to the Defense Federal Acquisition Regulation Supplement that addresses information assurance requirements related to IT acquisition.

Both directives implement the National Security Telecommunications and Information Systems Security Committee's Policy No. 11, which requires information assurance be added to all Defense systems used to enter, process, display or transmit national security information.

'For all acquisitions, the requiring activity is responsible for providing to the contracting officer statements of work, specifications or statements of objectives that meet information assurance requirements,' said the proposal, which the department released Friday.

The directives also require that vendors provide or use IT that has been accredited as meeting the appropriate requirements. Vendors must submit documentation proving accreditation.

The government can choose to 'conduct additional tests to ensure that IT delivered under a contract satisfies the information assurance standards,' the amendment added.

Directive 8500.2, released in February, is the second part of a strategy to address the changing systems security needs within the department. DOD issued the first part, 8500.1, in October. The directives create a framework for DOD to follow to protect its information systems.

The policies cover several areas, including access control and firewall protection. They also place Defense systems in four categories:

  • Automated applications enclaves, which include networks


  • Outsourced IT


  • Platform IT interconnections, such as weapons systems


  • Sensors.


  • DOD will accept comments about the proposed amendment until July 22.

    inside gcn

    • digital model of city (Shutterstock.com)

      Why you need a digital twin

    Reader Comments

    Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

    Please type the letters/numbers you see above

    More from 1105 Public Sector Media Group