Any company that seeks to do business with the Department of Defense, including subcontractors, must comply with new regulations designed to reduce the risks to the nation of cyber threats. Changes to government rules over the last 5 years have included a steadily increasing number of technical requirements for security programs, new requirements to report to government if there is a breach of systems, and requirements to be able to conduct forensics if there is a need for an investigation.
The Department of Defense is establishing a new approach they expect their contractors, and sub-contractors to leverage. This is meant to help reduce risk and mitigate many challenges observed in implementing existing security/compliance regulations in the defense industrial base. Our review of this approach leaves us optimistic that this new approach is a positive change. Here is what you need to know.