DOD Proposed New Cybersecurity Rules

Mar.08.2010

On March 3, DoD issued a notice of, and requested comments on, proposed rules levying information security requirements for safeguarding unclassified "DoD information" and reporting security breaches when contractors and subcontractors may have such information "resident on or transiting" their information systems. The proposed rule not only mandates that contractors "shall provide adequate security to safeguard DoD information," but also (1) requires flowdown to subcontractors; (2) establishes extreme standards in some areas (e.g., "best level of security and privacy available"); (3) incorporates National Institute of Standards and Technology (NIST) standards in some areas, but not others; and (4) acknowledges that the contractor will still need to comply with all other applicable security standards, such as "CPI, PII, For Official Use Only, Privacy Act, ITAR, EAR, and HIPAA."

For more information, please contact the professional(s) listed below, or your regular Crowell & Moring contact.

David Z. Bodenheimer
Partner – Washington, D.C.
Phone: +1 202.624.2713
Email: dbodenheimer@crowell.com

Alan W. H. Gourley
Partner – Washington, D.C., London
Phone: +1 202.624.2561 , +44.20.7413.0011
Email: agourley@crowell.com

Puja Satiani
Counsel – Washington, D.C.
Phone: +1 202.624.2500
Email: psatiani@crowell.com

Adelicia R. Cliffe
Partner – Washington, D.C.
Phone: +1 202.624.2816
Email: acliffe@crowell.com

Download Printable PDF

Social Media & Blogs

Search NewsRoom

Media Contacts −+

DOD Proposed New Cybersecurity Rules

Find a Professional