DOD Finalizes Rule on Voluntary Cybersecurity Program | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

The Department of Defense has finalized a rule that revises the criteria for defense contractors wishing to participate in a voluntary cybersecurity information-sharing program, Law360 (subscription) reports.

What’s going on: “The final rule expands eligibility for the voluntary Defense Industrial Base Cybersecurity, or DIB CS, Program, beyond contractors that handle classified information, allowing any contractor that owns or operates an unclassified information system that is used to store, process or transmit ‘covered defense information’ to participate in bilateral information sharing regarding cybersecurity threats.”

  • The program, established in 2012, is meant to complement mandatory cybersecurity-reporting requirements.
  • Covered defense information is unclassified, controlled technical information or other information that requires safeguarding.
  • The rule was published in the Federal Register Tuesday and goes into effect in 30 days.

Why it’s happening: “The gap in eligibility in the current program, feedback from interested but ineligible contractors, a vulnerable DOD supply chain and a pervasive cyber threat have prompted DOD to propose revising the eligibility requirements of the DIB CS Program to allow participation by non-cleared defense contractors,” according to the rule.

The background: DIB CS was initially only open to “cleared” defense contractors, “but was expanded in 2015 to include all cleared contractors, removing the safeguarding requirement and a requirement to have access to the DOD’s secure voice and data transmission systems,” according to the article.

  • In 2015, there were approximately 8,500 participants; in 2022, that number was about 12,000, and applications to the program rose from 80 in 2016 to 266 in 2022.

​​​​​​​What it means: “The new rule effectively expands eligibility for the program to all contractors subject to the DOD’s mandatory cybersecurity incident reporting requirement, removing the requirement for participants to be a cleared contractor with a facility security clearance at the Secret level or above.”

  • Some 68,000 additional defense contractors may now participate in DIB CS.

View More


Click Here For The Original Source.

National Cyber Security