Businesses that seek to obtain and preserve contracts with the United States government, or to deal in certain enumerated defense articles and services, are subject to strict privacy regulations imposed by the U.S. government.
For those under contract (or subcontract) with the U.S. Department of Defense (DoD), the Defense Federal Acquisition Regulation Supplements (DFARS) place stringent minimum security requirements and reporting obligations that must be met, otherwise a business could face financial penalties or termination of its contract.
Businesses that export and import defense articles or services and related technical data must comply with the International Traffic in Arms Regulations (ITAR), which comprise approval, registration and records maintenance requirements. If a violation of ITAR is voluntarily reported, the penalties imposed by the U.S. Department of State’s Directorate of Defense Trade Controls (DDTC) can be reduced.
Businesses subject to DFARS and ITAR should have a compliance program in place that includes an appropriate response to any security incident.
Keep reading this article at: http://www.mondaq.com/article.asp?articleid=733388
See GTPAC’s video, template and other resources designed to help contractors comply with the DoD/NIST cybersecurity rules at: http://gtpac.org/cybersecurity-training-video/
As the Senate approaches the end of its debate on the National Defense Authorization Act (NDAA) for Fiscal Year 2019, provisions of the bill regarding access to and review of information technology code deserve close attention. These sections, if enacted, would significantly impact Department of Defense contractors and also would affect matters associated with investments subject to review by U.S. national security agencies.
An August 2016 bid protest decision highlights the importance of government contractors having, and being able to demonstrate, an effective export controls compliance program.