DOD considers adding security to acquisition regs

The Defense Department has proposed changes to its acquisition rules that would specify minimum levels of security that contractors must provide for sensitive but unclassified DOD information in their systems.

The proposal, published in the June 29 Federal Register, would add new contract clauses to the Defense Federal Acquisition Regulations Supplement to address information security.

“The DFARS does not presently address the safeguarding of unclassified DOD information within industry, nor does it address cyber intrusion reporting for that information,” the Federal Register notice states. The changes would define classes of covered information and outline two levels of required security for them.

Related coverage:

Cyber bill's FISMA mandate could be a step backward 

NIST releases 'historic' final version of Special Publication 800-53

Basic safeguarding would require implementation of “first-level protection measures” to “deter unauthorized disclosure, loss or exfiltration.” These measures would include not processing or posting government information on public computers, transmitting it only with the “best level of security and privacy available,” and using intrusion protection.

Enhanced safeguards would include the encryption of data for storage and transmission, network protection and intrusion detection, and cyber intrusion reporting. The enhanced level would require, at a minimum, the controls specified by the National Institute of Standards and Technology in Special Publication 800-53, "Recommended Security Controls for Federal Information Systems and Organizations," which outlines requirements for civilian agencies under the Federal Information Security Management Act.

Comments on the proposed rules should be submitted by Aug. 29 through the Federal eRulemaking Portal, by e-mail to [email protected] with “DFARS Case 2011–D039” in the subject line, by fax to 703–602–0350, or by mail to Defense Acquisition Regulations System, Attn: Mr. Julian Thrash, OUSD(AT&L)DPAP(DARS), Room 3B855, 3060 Defense Pentagon, Washington, DC 20301–3060.

About the Author

William Jackson is a Maryland-based freelance writer.


  • Russia prying into state, local networks

    A Russian state-sponsored advanced persistent threat actor targeting state, local, territorial and tribal government networks exfiltrated data from at least two victims.

  • Marines on patrol (US Marines)

    Using AVs to tell friend from foe

    The Defense Advanced Research Projects Agency is looking for ways autonomous vehicles can make it easier for commanders to detect and track threats among civilians in complex urban environments without escalating tensions.

Stay Connected