Yesterday the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had received a notice of proposed rulemaking from the DOD’s Defense Acquisition Regulatory Council (DARC) on “Assessing Contractor Implementation of Cybersecurity Requirements (DFARS Case 2019-D041)”. An interim final rule on this issue was published on September 29th, 2020.
According to the Fall 2023 Unified Agenda entry for this rulemaking:
“DoD is amending an interim rule to implement the CMMC framework 2.0 in order to protect against the theft of intellectual property and sensitive information from the Defense Industrial Base (DIB) sector. The CMMC framework, as defined in Title 32 of the Code of Federal Regulations (CFR), assesses compliance with applicable information security requirements. This rule provides the Department with assurances that a DIB contractor can adequately protect sensitive unclassified information at a level commensurate with the risk, accounting for information flow down to its subcontractors in a multi-tier supply chain.”
That Agenda entry also notes that:
“The theft of intellectual property
and sensitive information from all U.S. industrial sectors due to malicious
cyber activity threatens economic security and national security. Malicious cyber actors have and continue to
target the DIB sector and the supply chain of the Department of Defense. These
attacks not only focus on the large prime contractors, but also target
subcontractors that make up the lower tiers of the DoD supply chain. Many of
these subcontractors are small entities that provide critical support and
innovation. The aggregate loss of intellectual property and certain
unclassified information from the DoD supply chain can undercut U.S. technical
advantages and innovation, as well as significantly increase risk to national
security.”
No comments:
Post a Comment