DoDâs decision to release the Network Penetration Reporting and Contracting for Cloud Services regulations is in response to a series of cyber attacks against defense contractors, Aliya Sternstein writes.
The interim rule also details procedures when contractors purchase cloud services.
DoD will implement the policy prior to a public comment period, Defense Acquisition Regulations System Editor Jennifer Hawes said in the guidance.
Under the new rule, contractors and subcontractors are required to report within three days incidents of cyber attacks that involve confidential scientific and technical military information and export-controlled data to DoD via the Defense Industrial Base Cyber Security/Information Assurance online portal, according to the report.