Information Security News mailing list archives

Contractors, Expect 72-hour Rule for Disclosing Corporate Hacks


From: InfoSec News <alerts () infosecnews org>
Date: Wed, 1 Oct 2014 05:06:12 +0000 (UTC)

http://www.nextgov.com/cybersecurity/2014/09/contractors-expect-72-hour-rule-disclosing-corporate-hacks/95399/

By Aliya Sternstein
Nextgov
September 29, 2014

Look for the whole government to take a page from the Pentagon and require that firms notify their agency customers of hacks into company-owned systems within three days of detection, procurement attorneys and federal officials say.

Right now, vendors only have to report compromises of classified information and defense industry trade secrets. The trade secret rule is new and covers breaches of nonpublic military technological and scientific data, referred to as “unclassified controlled technical information.”

That new reporting requirement kicked in Nov. 18, 2013 and applies to all military contracts inked since.

The rule “is impactful in large part because it is one of the first very clear cybersecurity directives,” said Anuj Vohra, a Covington & Burling senior associate in the firm’s government contracts practice. “We’ll see more regulations like that among nondefense agencies.”

[...]
