In response to recent Executive orders and mounting pressure after high-profile government data breaches, the Department of Defense (DoD) approved an interim rule Defense Federal Acquisition Regulation Supplement: Network Penetration Reporting and Contracting for Cloud Services for the Defense Federal Acquisition System (DFARS Case 2013–D018), taking immediate effect. The rule, which will affect many government contractors whose services are associated with sensitive government information, applies to commercial item contracts, small businesses, and their subcontractors.
The DFARS interim rule addresses three high-level issues:
- Contractor safeguarding of covered defense information (CDI)
- Reporting of . . .