DOD cyber-incident reporting rules kick in this week

By Rick Weber / November 2, 2016 at 11:03 AM

The Defense Department's rules for contractors and subcontractors to report cyber incidents go into effect on Thursday, with the Pentagon still not having clarified the procedures for reporting such incidents, according to the law firm Gibson Dunn & Crutcher.

In the meantime, the firm is recommending that contractors check whether the rule applies to them to make sure they don't run into any trouble.

"The rule applies to contractors and subcontractors that hold various types of unclassified controlled technical information or other safeguarded information, as well as contractors and subcontractors that provide 'operationally critical support,'" according to a "client alert" issued Monday by the firm.

"DOD is still 'developing procedures to ensure that contractors are notified when they are providing supplies or services designated as operationally critical support.' Until then, contractors should ask their contracting officer for confirmation as to whether the rule applies to them or their subcontractors," the law firm recommends.

The DOD reporting rules were issued as final in October.

"Given the increasing frequency with which the federal government has pursued stiff penalties in enforcement actions for cybersecurity violations in other contexts -- as evidenced by actions by the Department of Health and Human Services, Federal Trade Commission, Securities and Exchange Commission, and Consumer Financial Protection Bureau, among others -- defense contractors would be well-served to ensure compliance with these requirements," warns the firm Gibson Dunn. -- Rick Weber
