Seen in the Federal Register, March 3, from the Department of Defense:
SUMMARY: DoD is seeking comments from Government and industry on potential changes to the Defense Federal Acquisition Regulation Supplement (DFARS) to address requirements for the safeguarding of
unclassified information. The changes would add a new subpart and associated contract clauses for the safeguarding, proper handling, and cyber intrusion reporting of unclassified DoD information within industry.
SUPPLEMENTARY INFORMATION: This ANPR and notice of public meeting is a preliminary step in the rulemaking process for DFARS Case 2008-D028 that may be followed by issuance of a proposed rule in the future. The DFARS presently does not address the safeguarding of unclassified DoD information within industry, nor does it address cyber intrusion reporting for that information. The purpose of the potential DFARS changes addressed in this ANPR is to implement adequate security measures to safeguard DoD information on unclassified industry information systems from unauthorized access and disclosure, and to
prescribe reporting to the Government with regard to certain cyber intrusion events that affect DoD information resident or transiting on contractor unclassified information systems. This ANPR does not address
procedures for Government sharing of cyber security threat information with industry; this issue will be addressed separately through follow-on rulemaking procedures as appropriate. These changes to the DFARS
address requirements for the safeguarding of unclassified information and may be altered as necessary to align with any future direction given in response to on-going efforts currently being led by the National Archives and Records Administration regarding Controlled Unclassified Information (CUI).