DOD considers adding security to acquisition regs

The Defense Department has proposed changes to its acquisition rules that would specify minimum levels of security that contractors must provide for sensitive but unclassified DOD information in their systems.

The proposal, published in the June 29 Federal Register, would add new contract clauses to the Defense Federal Acquisition Regulations Supplement to address information security.

“The DFARS does not presently address the safeguarding of unclassified DOD information within industry, nor does it address cyber intrusion reporting for that information,” the Federal Register notice states. The changes would define classes of covered information and outline two levels of required security for them.

Related coverage:

Cyber bill's FISMA mandate could be a step backward 

NIST releases 'historic' final version of Special Publication 800-53

Basic safeguarding would require implementation of “first-level protection measures” to “deter unauthorized disclosure, loss or exfiltration.” These measures would include not processing or posting government information on public computers, transmitting it only with the “best level of security and privacy available,” and using intrusion protection.

Enhanced safeguards would include the encryption of data for storage and transmission, network protection and intrusion detection, and cyber intrusion reporting. The enhanced level would require, at a minimum, the controls specified by the National Institute of Standards and Technology in Special Publication 800-53, "Recommended Security Controls for Federal Information Systems and Organizations," which outlines requirements for civilian agencies under the Federal Information Security Management Act.

Comments on the proposed rules should be submitted by Aug. 29 through the Federal eRulemaking Portal, by e-mail to [email protected] with “DFARS Case 2011–D039” in the subject line, by fax to 703–602–0350, or by mail to Defense Acquisition Regulations System, Attn: Mr. Julian Thrash, OUSD(AT&L)DPAP(DARS), Room 3B855, 3060 Defense Pentagon, Washington, DC 20301–3060.

About the Author

William Jackson is a Maryland-based freelance writer.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected