NDIA Turns to FortneyScott for Compliance Guide for DoD New Cyber Security Rule

National Defense
Industrial Association, a leader in defense and national security, has
published an article
co-authored by FortneyScott’s Susan Ebner, offering compliance guidance in response
to the recently issued Department of Defense (DoD) cyber
security rule
.  The rule requires
contractors to comply with 110 specific network security requirements for
safeguarding covered defense information (CDI) that is processed, stored, or
transmitted through “covered contractor information systems.”  Contractors that would provide “operationally
critical support” are also required to comply with the rule.  If you are a
covered contractor, you can obtain an extension to December 31, 2017 for your
compliance with the rule’s requirements.  Ebner notes “this extension
offers contractors a unique opportunity to assess their systems and become
compliant so that they can continue to respond to solicitations.”  In the article, Ebner outlines plans to
assess CDI systems and provides guidelines for compliance. 

Takeaways: 

  • To obtain that extension, however, you must
    notify the DoD Chief Information Officer (“CIO”) within 30 days of contract
    award of the requirements that you have not yet
    implemented.
  • Solicitations and contracts for the acquisition
    of commercial off-the-shelf supplies are exempt from compliance with this rule.
    Different versions of this DoD cyber clause, and still other Federal
    Acquisition Regulation (“FAR”) and agency cyber clauses, may be in your contract
    and may establish different immediate and longer term requirements.
  • Develop a plan to determine which clauses are in
    your contract.
  • Develop a plan for meeting immediate and longer
    term compliance, review and reporting obligations.
  • If you are subject to the newly issued DoD
    clause, act promptly in order to obtain an extension to the time for compliance
    with its security requirements.
  • Establish your cybersecurity response team so
    you can take the right steps to meet your security compliance and reporting
    obligations.


Contact Susan Ebner or your FortneyScott
attorney if you have questions about which clauses apply to you and what you
are required to do.