navigation-background arrow-down-circle Reply Icon Show More Heart Delete Icon wiki-circle wiki-square wiki arrow-up-circle add-circle add-square add arrow-down arrow-left arrow-right arrow-up calendar-circle chat-bubble-2 chat-bubble check-circle check close contact-us credit-card drag menu email embed facebook-circle snapchat-circle facebook-square facebook faq-circle faq film gear google-circle google-square googleplus history home instagram-circle instagram-square instagram linkedin-circle linkedin-square linkedin load monitor Video Player Play Icon person pinterest-circle pinterest-square pinterest play readlist remove-circle remove-square remove search share share2 sign-out star trailer trash twitter-circle twitter-square twitter youtube-circle youtube-square youtube

Contractors need clarity on handling federal data, says IT Alliance

March 29, 2017 (Photo Credit: Sean Gallup/Getty Images)
Discrepancies and deficiencies in the way various rules designate and govern covered defense information and controlled unclassified information can impact how contractors protect confidential government information.

In a white paper prepared by associate member Rogers Joseph O’Donnell, the IT Alliance for Public Sector looked at the scope, implementation, compliance tools and inconsistencies of regulatory constructs and requirements to safeguard federal data and information.

The paper looks at actions of the National Archives and Records Administration, the Department of Homeland Security, the Department of Defense and the National Institute of Standards and Technology.

Key actions include the final “Controlled Unclassified Information” rule published on September 14, 2016; the revised (and final) Defense Federal Acquisition Regulation Supplement rule “Network Penetration Reporting and Contracting For Cloud Services” of October 21, 2016; and Revision 1 to NIST SP 800-171, “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations”; as well as the publication on January 19, 2017, of the DHS proposed rule “Homeland Security Acquisition Regulation; Safeguarding of Controlled Unclassified Information.”  

These include areas the Department of Defense can support and improve contractor success in cyber protection of data the government exchanges with suppliers, according to the report.

DoD can start by improving the identification of what information is designated for protection, and then revising confusing language establishing what background and ancillary information should be protected. The paper touches on clarifying methods that can allow for the use of cloud services and how small businesses can affordably, successfully implement required security controls. And finally, the paper recommends ways DoD and contractors can both contribute to the implementation and administration of adequate system security plans.

The complete white paper can be found on ITIC.org.
Next Article