New Security Requirements for Contractors Proposed

Government Contractor

As military contractors continue to face security breaches that expose classified information, a new draft rule published in the Federal Register would require military contractors to follow new security requirements for protecting unclassified information.

The proposed regulation would require contractors to use two new layers of security controls when working with classified defense records. The first is basic security safeguards that would bar contractors from accessing classified information through public computers.

The second would require contractors to follow, “at a minimum”, security recommendations from the National Institute of Standards and Technology when working with records such as those deemed "For Official Use Only" or considered critical to the success of a particular mission. If contractors want to opt not to follow these recommendations, they need to explain what level of security is not needed or suggest an alternative.

An estimated 76 percent of the 64,400 small businesses that were awarded defense contracts last year would have to comply with enhanced security, the proposed rule said. Information security costs are typically about 0.5 percent of small business’ revenues and less for larger companies, the Defense Department said.

The proposed rule would “have a significant effect on the contractor community,” said Alan Chvotkin, executive vice president and counsel for the Professional Services Council. "I’m troubled by the scope and the compliance obligations it puts on companies for unknown threats," he said.

The proposal has also raised concerns from the Aerospace Industries Association, regarding the cost to contractors. OpenTheGovernment.org has expressed concerns over how the proposed rule might create more secrecy around government information.

Security breaches of defense contractors have been an ongoing concern. Booz Allen Hamilton was the latest U.S. defense contractor to have a serious security breach that exposed more than 90,000 e-mail addresses plus passwords, logins and other information of defense personnel.

Related News

Chandler Harris is a freelance business and technology writer located in Silicon Valley. He has written for numerous publications including Entrepreneur, InformationWeek, San Jose Magazine, Government Technology, Public CIO, AllBusiness.com, U.S. Banker, Digital Communities Magazine, Converge Magazine, Surfer's Journal, Adventure Sports Magazine, ClearanceJobs.com, and the San Jose Business Journal. Chandler is also engaged in helping companies further their content marketing needs through content strategy, optimization and creation, as well as blogging and social media platforms. When he's not writing, Chandler enjoys his beach haunt of Santa Cruz where he rides roller coasters with his son, surfs and bikes across mountain ranges.