Contractors Wary of New DOD Rule on Unclassified Data
November 13, 2011
Contractors are bracing for new Pentagon regulations that would impose stricter standards on unclassified information housed on contractor networks, which companies fear could add a significant cost burden.
The Defense Department has released a proposed rule meant to ensure that companies are using adequate security measures and reporting intrusions into unclassified Pentagon information.
But contractor advocates and attorneys say the rule is too vague and imposes a significant burden on companies, particularly smaller ones. The Pentagon acknowledges in the proposed rule that it would affect nearly 49,000 small businesses, but says the cost of not protecting information — in reduced performance and lost valuable data — is far greater.
Under the proposed rule, contractors would be required to apply either a "basic" or "enhanced" level of protection to unclassified information, as designated by the government. Some larger companies already have in place controls that adhere to the basic level, but the enhanced standards require a "fairly sophisticated level of protection," in accordance with National Institute of Standards and Technology standards, said Alan Chvotkin, executive vice president and counsel for the Professional Services Council, an industry association.