Last week, the White House announced new rules and regulations for contractors and this week the Pentagon is rolling out its new rules governing military contractors. According to a military official, the DOD’s objective is “to more tightly control the way defense data traverses contractor systems and is stored by companies,” reports NextGov.
The policy states that if a contractor suffers a data breach they must notify the DOD within 72 hours of detection and the Pentagon is “required to protect the confidentiality of proprietary and identifying information that contractors submit to the government for investigation.”
New breach notification rules are coming into effect due to continuous cyber assaults against military networks and their contractors systems. NextGov is reporting that the new regulations is geared towards “contractors, subcontractors and lower-tier, downstream vendors,” as well as “a provision for cloud computing services that spells out standard contract language for purchases.”
Critics fear that the new regulations will be burdensome and out of step with other new government breach notification requirements. Additionally, there are fears that the new rules could retroactively affect contracts, leading to further confusion.