http://www.nextgov.com/cybersecurity/2014/09/contractors-expect-72-hour-rule-disclosing-corporate-hacks/95399/
By Aliya Sternstein
Nextgov
September 29, 2014
Look for the whole government to take a page from the Pentagon and require
that firms notify their agency customers of hacks into company-owned
systems within three days of detection, procurement attorneys and federal
officials say.
Right now, vendors only have to report compromises of classified
information and defense industry trade secrets. The trade secret rule is
new and covers breaches of nonpublic military technological and scientific
data, referred to as "unclassified controlled technical information.”
That new reporting requirement kicked in Nov. 18, 2013 and applies to all
military contracts inked since.
The rule “is impactful in large part because it is one of the first very
clear cybersecurity directives," said Anuj Vohra, a Covington & Burling
senior associate in the firm’s government contracts practice. "We’ll see
more regulations like that among nondefense agencies."
[...]
--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
