Thursday, March 30, 2023

OMB Approves DOD DIB Cybersecurity NPRM

Yesterday, the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had approved a DOD notice of proposed rulemaking (NPRM) for “Department of Defense (DoD)-Defense Industrial Base (DIB) Cybersecurity (CS) Activities”. The NPRM was submitted to OIRA on December 7th, 2022.

According to the Fall 2022 Unified Agenda entry for this rulemaking:

“The DIB CS Program currently provides cyber threat information to cleared defense contractors. Proposed revisions would allow all defense contractors who process, store, develop, or transit DoD controlled unclassified information to be eligible for the program and to  receive cyber threat information. Expanding participation will allow a broader community of defense contractors to participate in the DIB CS Program and is  in alignment with the National Defense Strategy.”

That entry further notes:

“Participation in the voluntary DIB CS Program enables DoD contractors to access Government Furnished Information and collaborate with the DoD Cyber Crime Center (DC3) to better respond to and mitigate cyber threats. In order to join the DIB CS Program, there is an initial labor burden to apply to the program and provide point of contact information which is estimated to take 20 minutes per company. In addition, there is a cost for defense contractors to voluntarily share cyber indicator information. DoD estimates that each response will take a respondent two hours to complete. The costs are under review as part of 0704-0489 and 0704-0490. For DIB participants, this program provides cyber threat information and technical assistance through analyst-to-analyst exchanges, mitigation and remediation strategies, and cybersecurity best practices in a collaborative environment for participating companies.”

This NPRM will probably be printed in the Federal Register next week.

No comments:

/* Use this with templates/template-twocol.html */