WASHINGTON (Sputnik) — The US Department of Defense (DoD) has introduced a new measure that seeks to guide military contractors on when and how to report incidents of data breaches and other network attacks to the agency.
"[The measure] amends the Defense Federal Acquisition Regulation Supplement (DFARS) to implement a section of the National Defense Authorization Act for Fiscal Year [FY] 2013 and a section of the …act for FY 2015, both of which require contractor reporting on network penetrations," the US Federal Register said on Wednesday.
The new rules extend the prosecution of whistleblowers to those working on and contracting for the government on cloud computing services. They also reportedly detail procedures for contractors’ purchases of cloud services.
Under the new rules, contractors and subcontractors are required to report within three days incidents of cyber-attacks that involve confidential scientific and technical military information and export-controlled data to DoD via the Defense Industrial Base Cyber Security/Information Assurance online portal, according to the report.
DoD’s decision to release the Network Penetration Reporting and Contracting for Cloud Services regulations reportedly comes in response to a series of cyber-attacks against defense contractors.