A proposed rule more than two years in the making regarding contractor protections of unclassified defense information and intrusion reporting became final last Monday (Nov. 18, 2014) following publication of a final rule in the Federal Register.
The rule is smaller in scope than the proposed rule the Defense Department put forth in June 2011; it proposed controls for any data tagged with a “for official use only” or similar marker. The final rule only pertains to “unclassified controlled technical information,” which means technical data or computer software (as defined in the Defense Acquisition Regulation Supplement, section 252.227-7013).
It requires contractors and subcontractors storing or transiting that data to implement 51 security controls from the National Institute of Standards and Technology catalog, Special Publication 800-53 (.pdf), or provide a justification for the use of alternative controls or a case for the control’s inapplicability.
Keep reading this article at: http://www.fiercegovernmentit.com/story/dod-finalizes-unclassified-information-protection-rule-contractors/2013-11-18