AccessData

Nov 14 2016

New Incident Response Demands Hit DoD Contractors

Tags: cybersecurity, department of defense, incident-response

By Carolyn Casey

Starting this month, many Department of Defense (DoD) contractors will need super-charged cybersecurity incident response (IR) capabilities. Final DoD cybersecurity incident response rules took effect on November 3, 2016. The new requirements finalize interim rules and impose mandatory cyber incident reporting requirements on DoD contractors and subcontractors. The rules also implement new voluntary cyber incident information sharing mechanisms.

Incident Response “Must Haves”
Organizations with DoD contracts must quickly evaluate their IR technology and processes to ensure they can efficiently and completely comply with the stringent new regulations. Here are key requirements you’ll need to meet:

(1) Analyze your information systems for evidence of compromise of Defense Department information, including identifying compromised computers, servers, specific data, and user accounts.

(2) Report the incident to the DoD within 72 hours.

(3) Isolate any identified malicious software and submit it to the DoD Cyber Crime Center for forensic analysis.

(4) Preserve and protect images of known affected information systems and all relevant monitoring/packet capture data for at least 90 days to allow DoD to request the media or decline interest.

(5) Provide DoD with access to additional information or equipment necessary for forensic analysis of the incident, if requested by DoD.

It’s important for organizations to be aware that the new rules apply to more than procurement contracts. All “contracts, grants, cooperative agreements, other transaction agreements, technology investment agreements, and any other type of legal instrument or agreement” with the DoD fall under the cybersecurity IR requirements. Check to see if you fall under the new regulations.

AccessData post-cyber breach incident response technology helps organizations quickly determine which systems, devices and applications have been affected, and initiate remediation actions across the organization.