update for defense contractors
play

Update for Defense Contractors T.J. Crane May 19, 2017 Bend, OR | - PowerPoint PPT Presentation

Oct 17, 2022 •157 likes •589 views

www.schwabe.com Privacy and Data Security Update for Defense Contractors T.J. Crane May 19, 2017 Bend, OR | Portland, OR | Salem, OR | Seattle, WA | Vancouver, WA www.schwabe.com Overview DoD interim rule Expanded DFAR

  2. www.schwabe.com Privacy and Data Security Update for Defense Contractors T.J. Crane May 19, 2017 Bend, OR | Portland, OR | Salem, OR | Seattle, WA | Vancouver, WA

  3. www.schwabe.com Overview • DoD interim rule – Expanded DFAR reporting obligations – New DFAR definitions – Cloud services • Changes to local breach notification laws • Possible federal breach notification law Bend, OR | Portland, OR | Salem, OR | Seattle, WA | Vancouver, WA

  4. www.schwabe.com Caveats • Not intended to – Cover all laws or industries – Create an attorney-client relationship • Seek counsel for a particular legal issue Bend, OR | Portland, OR | Salem, OR | Seattle, WA | Vancouver, WA

  5. www.schwabe.com Expanded reporting obligations Bend, OR | Portland, OR | Salem, OR | Seattle, WA | Vancouver, WA

  6. www.schwabe.com Key points on reporting • Rule applies to all contractors with covered defense information residing in or transiting through their information systems • Requires safeguarding and reporting, without abrogating prior requirements Bend, OR | Portland, OR | Salem, OR | Seattle, WA | Vancouver, WA

  7. www.schwabe.com Key points on reporting (cont’d) • Subcontractors must report to the prime contractor, and directly to DoD – This could lead to inconsistent reports • Pertains not just to unclassified controlled technical information – Think CDI, not UCTI Bend, OR | Portland, OR | Salem, OR | Seattle, WA | Vancouver, WA

  8. www.schwabe.com Key points on reporting (cont’d) • Covered defense information is unclassified information that is – Provided to the contractor by or on behalf of DoD in connection with contract performance; or – Collected, developed, received, transmitted, used, or stored by or on behalf of the contractor in support of contract performance Bend, OR | Portland, OR | Salem, OR | Seattle, WA | Vancouver, WA

  9. www.schwabe.com Key points on reporting (cont’d) • And is: – Controlled technical information, – Critical information (operations security), – Export control, or – “Any other information, marked or otherwise identified in the contract, that requires safeguarding or dissemination controls pursuant to and consistent with law, regulations, and Governmentwide policies ( e.g. , privacy, proprietary business information)” Bend, OR | Portland, OR | Salem, OR | Seattle, WA | Vancouver, WA

  10. www.schwabe.com Key points on reporting (cont’d) • And is: – Controlled technical information, – Critical information (operations security), – Export control, or – “Any other information, marked or otherwise identified in the contract, that requires safeguarding or dissemination controls pursuant to and consistent with law, regulations, and Governmentwide policies ( e.g. , privacy, proprietary business information )” Bend, OR | Portland, OR | Salem, OR | Seattle, WA | Vancouver, WA

  11. www.schwabe.com When to report? • Discovery of a “cyber incident that affects” – A covered contractor information system, – Covered defense information residing in a covered contractor information system, or – The contractor’s ability to perform contract requirements that are designated as operationally critical support Bend, OR | Portland, OR | Salem, OR | Seattle, WA | Vancouver, WA

  12. www.schwabe.com “Cyber incident” • Actions taken through the use of computer networks that result in a compromise or an actual or potentially adverse effect on an information system and/or the information residing therein Bend, OR | Portland, OR | Salem, OR | Seattle, WA | Vancouver, WA

  13. www.schwabe.com “Cyber incident” • Actions taken through the use of computer networks that result in a compromise or an actual or potentially adverse effect on an information system and/or the information residing therein Bend, OR | Portland, OR | Salem, OR | Seattle, WA | Vancouver, WA

  14. www.schwabe.com “Cyber incident” • Actions taken through the use of computer networks that result in a compromise or an actual or potentially adverse effect on an information system and/or the information residing therein Bend, OR | Portland, OR | Salem, OR | Seattle, WA | Vancouver, WA

  15. www.schwabe.com Bend, OR | Portland, OR | Salem, OR | Seattle, WA | Vancouver, WA

  16. www.schwabe.com New definitions 48 C.F.R. § 202.101 Bend, OR | Portland, OR | Salem, OR | Seattle, WA | Vancouver, WA

  17. www.schwabe.com “Compromise” • Disclosure of information to unauthorized persons, or • A violation of the security policy of a system, in which unauthorized intentional or unintentional – Disclosure, modification, destruction, or loss of an object, or the copying of information to unauthorized media may have occurred Bend, OR | Portland, OR | Salem, OR | Seattle, WA | Vancouver, WA

  18. www.schwabe.com “Compromise” • Disclosure of information to unauthorized persons, or • A violation of the security policy of a system, in which unauthorized intentional or unintentional – Disclosure, modification, destruction, or loss of an object, or the copying of information to unauthorized media may have occurred Bend, OR | Portland, OR | Salem, OR | Seattle, WA | Vancouver, WA

  19. www.schwabe.com “Media” • Physical devices or writing surfaces including, but not limited to, magnetic tapes, optical disks, magnetic disks, large- scale integration memory chips, and printouts onto which covered defense information is recorded, stored, or printed within a covered contractor information system Bend, OR | Portland, OR | Salem, OR | Seattle, WA | Vancouver, WA

  20. www.schwabe.com Reporting obligations • Conduct a review for evidence of compromise and analyze the systems involved • “Rapidly report” cyber incidents to DoD – This still means within 72 hours Bend, OR | Portland, OR | Salem, OR | Seattle, WA | Vancouver, WA

  22. www.schwabe.com What to provide? • A cyber incident report; • Malicious software, if detected and isolated; and • Media (or access to covered contractor information systems and equipment) upon request Bend, OR | Portland, OR | Salem, OR | Seattle, WA | Vancouver, WA

  23. www.schwabe.com Is my reporting protected? • Trade secret or otherwise proprietary information? • Might reporting be interpreted as an admission of failing to provide adequate security? Bend, OR | Portland, OR | Salem, OR | Seattle, WA | Vancouver, WA

  24. www.schwabe.com Limitations on use • Access and use of information received or created in the performance of the contract – Is limited to the purpose of furnishing advice or technical assistance directly to the Government in support of its activities and – Shall not be used for any other purpose • Contractor must protect the information from unauthorized release or disclosure Bend, OR | Portland, OR | Salem, OR | Seattle, WA | Vancouver, WA

  25. www.schwabe.com Limitations on use (cont’d) • Contractor must “ensure that its employees are subject to use and nondisclosure obligations…prior to…being provided access to or use of the information” • Reporting party is a third-party beneficiary of the non-disclosure agreement between the Government and the contractor Bend, OR | Portland, OR | Salem, OR | Seattle, WA | Vancouver, WA

  26. www.schwabe.com Limitations on use (cont’d) • Contractor shall include this clause in all subcontracts that include support for the Government’s activities related to safeguarding covered defense information and cyber incident reporting, including subcontracts for commercial items Bend, OR | Portland, OR | Salem, OR | Seattle, WA | Vancouver, WA

  27. www.schwabe.com Limitations on use (cont’d) • Information shared “shall not, by itself, be interpreted as evidence that the contractor … failed to provide adequate information safeguards for covered defense information….” • A breach of the reporting obligations or restrictions can give rise to criminal, civil, administrative, and contract actions Bend, OR | Portland, OR | Salem, OR | Seattle, WA | Vancouver, WA

  28. www.schwabe.com Cloud services Bend, OR | Portland, OR | Salem, OR | Seattle, WA | Vancouver, WA

  29. www.schwabe.com Cloud computing defined • “[A] model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources … that can be rapidly provisioned and released with minimal management effort or service provider interaction.” – 48 C.F.R. § 239.7601 Bend, OR | Portland, OR | Salem, OR | Seattle, WA | Vancouver, WA

  30. www.schwabe.com Cloud computing defined (cont’d) • This includes other commercial terms: – On-demand self-service, – Broad network access, – Resource pooling, – Rapid elasticity, and – Measured service • Also, any _______-as-a-service Bend, OR | Portland, OR | Salem, OR | Seattle, WA | Vancouver, WA

  31. www.schwabe.com On cloud services • Before contracting, contractors must declare any intent to use cloud computing • DoD will first require provisional authorization by Defense Information Systems Agency Bend, OR | Portland, OR | Salem, OR | Seattle, WA | Vancouver, WA

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Industrial Relations Update Ben Waugh, Senior Lawyer SIAG Today Brief update: 1. The

Industrial Relations Update Ben Waugh, Senior Lawyer SIAG Today Brief update: 1. The

Industrial Relations Update Ben Waugh, Senior Lawyer SIAG Today Brief update: 1. The Registered and Licensed Clubs Award 2010; 2. FWC and dismissals; 3. FWO activity? a) Sub-contractors and contractors b) Underpayments and non-compliance

781 views • 12 slides
Cybersecurity Update Its More Than Technology People: Your First Line of Defense Incident

Cybersecurity Update Its More Than Technology People: Your First Line of Defense Incident

Cybersecurity Update Its More Than Technology People: Your First Line of Defense Incident Response Overview Types of data in your environment and why it is important. Trending threats. Minimizing risks through layers of defense:

486 views • 30 slides
E A S T E R N M I C H I G A N U N I V E R S I T Y February 18,

E A S T E R N M I C H I G A N U N I V E R S I T Y February 18,

E A S T E R N M I C H I G A N U N I V E R S I T Y February 18, 2008 To All Professional Contractors Including General Contractors, Sub-Contractors, Service Vendors, & Material Suppliers RE: Contractor

477 views • 44 slides
DAMAGES RECOVERABLE BASED ON TORT THEORIES ASSERTED AGAINST ARCHITECTS, ENGINEERS, CONTRACTORS

DAMAGES RECOVERABLE BASED ON TORT THEORIES ASSERTED AGAINST ARCHITECTS, ENGINEERS, CONTRACTORS

-~:-:;-~, -~-c-~-~-~.,.-= DAMAGES RECOVERABLE BASED ON TORT THEORIES ASSERTED AGAINST ARCHITECTS, ENGINEERS, CONTRACTORS AND SURETIES Presented To INTERNATIONAL ASSOCIATION OF DEFENSE COUNSEL ANNUAL MEETING JULY, 1994 By: KEVIN R. SJDO Hinshaw

375 views • 33 slides
Why Choose The 3Z RF Vision Because It Helps Contractors and Sub-Contractors on: Ease of use

Why Choose The 3Z RF Vision Because It Helps Contractors and Sub-Contractors on: Ease of use

Why Choose The 3Z RF Vision Because It Helps Contractors and Sub-Contractors on: Ease of use Minimize time at site Eliminate site re-visits Provide quality closeout reports Reduce OPEX cost Improve Microwave

332 views • 20 slides
Why Choose The 3Z RF Vision Because It Helps Contractors and Sub-Contractors on: Ease of use

Why Choose The 3Z RF Vision Because It Helps Contractors and Sub-Contractors on: Ease of use

Why Choose The 3Z RF Vision Because It Helps Contractors and Sub-Contractors on: Ease of use Minimize time at site Eliminate site re-visits Provide quality closeout reports Reduce OPEX cost Improve Microwave

247 views • 21 slides
FY2016 Defense Budget Update Jeremiah Gertler Specialist in Military Aviation Aerospace and

FY2016 Defense Budget Update Jeremiah Gertler Specialist in Military Aviation Aerospace and

The Aerospace & Defense Forum Dallas Ft. Worth Chapter September 10, 2015 FY2016 Defense Budget Update Jeremiah Gertler Specialist in Military Aviation Aerospace and Defense Forum, September 10, 2015 Agenda Defining the defense

528 views • 23 slides
Department of Defense Update e Myalgic c Encephalopathy / Chronic Fatigue Syndrome Advisory

Department of Defense Update e Myalgic c Encephalopathy / Chronic Fatigue Syndrome Advisory

Department of Defense Update e Myalgic c Encephalopathy / Chronic Fatigue Syndrome Advisory Committee JUNE 20-21, 2018 8 Christopher L. Tracy, MD, FACP, FACR Lieutenant Colonel U.S. Army Medical Corps 1 DEPARTMENT OF DEFENSE Introduction

435 views • 16 slides
CONTRACTORS, INC. & Current Events Capezio Contractors, Inc. Wins the Chrysalis Award

CONTRACTORS, INC. & Current Events Capezio Contractors, Inc. Wins the Chrysalis Award

CAPEZIO CONTRACTORS, INC. & Current Events Capezio Contractors, Inc. Wins the Chrysalis Award This was the first year that Capezio Contractors entered the awards, and to take home top honors on the first attempt is impressive and to

63 views • 3 slides
OEMs and nd Federal Contractors References in subcontracts and purchase orders to any FAR

OEMs and nd Federal Contractors References in subcontracts and purchase orders to any FAR

The Aerospace & Defense Forum South Bay Chapter January 11, 2017 OEMs and nd Federal Contractors References in subcontracts and purchase orders to any FAR clauses, which start with 52.2XX-XX References in subcontracts and purchase

258 views • 6 slides
P/C Insurance for Contractors: Outlook for 2019 Associated General Contractors Bonita Springs,

P/C Insurance for Contractors: Outlook for 2019 Associated General Contractors Bonita Springs,

P/C Insurance for Contractors: Outlook for 2019 Associated General Contractors Bonita Springs, FL January 28, 2019 Steven N. Weisbart, Ph.D., CLU, Senior Vice President & Chief Economist Insurance Information Institute 110 William

219 views • 21 slides
Cybersecurity Update: Latest Impacts on Aerospace & Defense Presented d by: Brandon Gunter

Cybersecurity Update: Latest Impacts on Aerospace & Defense Presented d by: Brandon Gunter

The Aerospace & Defense Forum Arizona Chapter March 9, 2017 Cybersecurity Update: Latest Impacts on Aerospace & Defense Presented d by: Brandon Gunter Senior Manager, Cybersecurity Services Brandon.Gunter@mossadams.com (206)

255 views • 11 slides
Sun Corridor Inc. Presentation to Sierra Vista City Council Sierra Vista Technical Assistance

Sun Corridor Inc. Presentation to Sierra Vista City Council Sierra Vista Technical Assistance

Sun Corridor Inc. Presentation to Sierra Vista City Council Sierra Vista Technical Assistance Program Update March 27, 2018 SVTAP Purpose Facilitate and encourage commercial diversification of area defense contractors through programs,

286 views • 5 slides
Challenges of Implementing Fair Defense Act Requirements & Indigent Defense Grant

Challenges of Implementing Fair Defense Act Requirements & Indigent Defense Grant

Challenges of Implementing Fair Defense Act Requirements & Indigent Defense Grant Opportunities Effective Post-Arrest and Indigent Defense Practices Longview, TX August 10, 2018 Scott Ehlers, Special Counsel T exas Indigent Defense

676 views • 30 slides
AGC At A Glance 26,500 Member Companies 6,500 general contractors 8,800 specialty

AGC At A Glance 26,500 Member Companies 6,500 general contractors 8,800 specialty

Association Overview 2018 NACF Annual Meeting Montral, Qubec AGC At A Glance 26,500 Member Companies 6,500 general contractors 8,800 specialty contractors 11,000 material suppliers and service providers 89 Chapters

547 views • 33 slides
Confederation of International Contractors Associations What does the future hold for

Confederation of International Contractors Associations What does the future hold for

Confederation of International Contractors Associations What does the future hold for Performance-Based road maintenance Contracts (PBC)? by Michel DEMARRE DG SEFI (French Association of International Contractors) Washington D.C., May 19, 2016

230 views • 4 slides
Advocacy: Restoring Health Privacy Deborah C. Peel, MD April 9, 2014 Hippocrates Whatsoever

Advocacy: Restoring Health Privacy Deborah C. Peel, MD April 9, 2014 Hippocrates Whatsoever

The Texas Library Association Advocacy: Restoring Health Privacy Deborah C. Peel, MD April 9, 2014 Hippocrates Whatsoever I shall see or hear of the lives of men or women which is not fitting to be spoken, I will keep inviolably secret.

911 views • 65 slides
Student Student's 's Post oster er and and Onl Online ne Sec Secti tion on Central l

Student Student's 's Post oster er and and Onl Online ne Sec Secti tion on Central l

Student Student's 's Post oster er and and Onl Online ne Sec Secti tion on Central l European C Conference o on Informatio ion and I Intelli ligent S Systems (CECIIS 2 2018) htt ttp:/ ://www.ce ceci ciis.foi.hr/stu

173 views • 3 slides
By Capital Market Development Authority IP IPO Processes Shariah Screening (for companies

By Capital Market Development Authority IP IPO Processes Shariah Screening (for companies

By Capital Market Development Authority IP IPO Processes Shariah Screening (for companies seeking to issue shariah compliant equity securities) Prospectus Registration Listing Approval Publication of Prospectus Open and close

379 views • 16 slides
Jason Spensley Sr. Specialist, Project Preparation and Adaptation Planning GCF resources

Jason Spensley Sr. Specialist, Project Preparation and Adaptation Planning GCF resources

Jason Spensley Sr. Specialist, Project Preparation and Adaptation Planning GCF resources Scale: USD 10.3 billion in pledges (UsD 9.9 billon signed contributions) Balance : 50/50 split between adaptation & mitigation; 50% of

507 views • 16 slides
Tips To Prepare Audits/Investigations For Prosecution Presented By: Assistant State Attorney

Tips To Prepare Audits/Investigations For Prosecution Presented By: Assistant State Attorney

Tips To Prepare Audits/Investigations For Prosecution Presented By: Assistant State Attorney Sheri Maxim Thirteenth Judicial System Hillsborough County Florida Maxim_s@sao13th.com 813-274-1324 Topics of Discussion 1. Detecting Fraud a.

131 views • 12 slides
26. K.V.V.HEMALATHA II Ece Has presented a paper INTERNET at Pragati Engineering College During

26. K.V.V.HEMALATHA II Ece Has presented a paper INTERNET at Pragati Engineering College During

PAPER PRESENTATION No.of Students attended : 113 1. Y.S.S.Prudhvi, K.S.N.Ramakrishna II Ece Has presented a paper ON SMART NOTE TAKER at Pragati Engineering College During 8th Dec,2018 2. N.Sreeja, K. Navyasree II Ece Has presented a paper On

297 views • 3 slides
AVECTIS, ALC PROFESSIONAL SYSTEM INTEGRATION SOLUTIONS Company Profile Established in 1994

AVECTIS, ALC PROFESSIONAL SYSTEM INTEGRATION SOLUTIONS Company Profile Established in 1994

AVECTIS, ALC PROFESSIONAL SYSTEM INTEGRATION SOLUTIONS Company Profile Established in 1994 Number of employees exceeds 100 Quality management ISO 9001-2015 Direct partnership with over 30 vendors More than 50 foreign partners Over 500

665 views • 44 slides
2016 Benefits Open Enrollment Enroll via www.benefitsolver.com user name and password

2016 Benefits Open Enrollment Enroll via www.benefitsolver.com user name and password

Open Enrollment 2016 Benefits Open Enrollment Enroll via www.benefitsolver.com user name and password needed to log in Open Enrollment Guides are available online at www.healthysteps4u.org

258 views • 15 slides

More recommend