New sweeping defense contractor rules on hack notifications took effect August 26, 2015, adding to a flurry of Pentagon IT security policies issued in recent years.
The Office of Management and Budget proposed guidelines to homogenize the way vendors secure data government-wide. The Defense Department had already released three other policies that dictate how military vendors are supposed to handle sensitive IT.
Now, industry, which is already concerned about overlapping and burdensome cyber rules, worries the Pentagon will go back and retroactively change contracts, after the White House draft is finalized.
The new Pentagon regulations for “Network Penetration Reporting and Contracting for Cloud Services” cover more types of incidents and more kinds of information than past policies. The guidelines also apply to a broader swath of the contracting community.
Keep reading this article at: http://www.nextgov.com/cybersecurity/2015/08/pentagon-tries-harmonize-contractor-data-breach-rules/119498