All Alerts & Newsletters

DOD Proposed New Cybersecurity Rules

Mar.08.2010

On March 3, DoD issued a notice of, and requested comments on, proposed rules levying information security requirements for safeguarding unclassified "DoD information" and reporting security breaches when contractors and subcontractors may have such information "resident on or transiting" their information systems. The proposed rule not only mandates that contractors "shall provide adequate security to safeguard DoD information," but also (1) requires flowdown to subcontractors; (2) establishes extreme standards in some areas (e.g., "best level of security and privacy available"); (3) incorporates National Institute of Standards and Technology (NIST) standards in some areas, but not others; and (4) acknowledges that the contractor will still need to comply with all other applicable security standards, such as "CPI, PII, For Official Use Only, Privacy Act, ITAR, EAR, and HIPAA."

Email Twitter LinkedIn Facebook Google+

For more information, please contact the professional(s) listed below, or your regular Crowell & Moring contact.

David Z. Bodenheimer
Partner – Washington, D.C.
Phone: +1 202.624.2713
Email: dbodenheimer@crowell.com

Alan W. H. Gourley
Partner – Washington, D.C., London
Phone: +1 202.624.2561 , +44.20.7413.1342
Email: agourley@crowell.com

Adelicia R. Cliffe
Counsel – Washington, D.C.
Phone: +1 202.624.2816
Email: acliffe@crowell.com