The Defense Department last week sent to the White House its interim rule on contractor cyber-incident reporting, another step toward codifying requirements that went into effect last year. The rules require the reporting of a data beach that results in an actual or potential “adverse effect” and could “modify” a contractor's eligibility to participate in the defense industry's cybersecurity information-sharing program. Some industry sources see the White House review as part of a broader housecleaning effort to finalize pending requirements...
