Pentagon Implements New Cyber Security Guidelines for Cloud Vendors

Image Attribution: Flickr

With the US Government’s Cloud First initiative, many of the new technologies brought into the Department of Defense have been cloud based. With so many high profile hacks happening each and everyday, the Pentagon has swiftly implemented rules that vendors must abide by in terms of disclosing a potential security breach. Experts says that the new rules are sweeping and add to the plethora of security policies that the Pentagon has implemented in the past few years.
The new rules are officially called, “Network Penetration Reporting and Contracting for Cloud Services.” The idea behind the new rules is to help governments understand exactly where their data is and what happens to their data if a breach were to occur. The Defense department aims to implement rules that help tighten up security around sensitive data that may be held in a vendor’s data center.
“The benefits of the increased security requirements implemented through this rule are that more information will be protected from release, inadvertently or through malicious intent, and in so doing strengthen national security,” says Jennifer Hawes, editor of the Defense Acquisition Regulations System (DARS).
The military is concerned about data breaches that may not be sensitive in nature. For example, military technological and scientific data are covered under the new rules, although this information is unclassified technical information. If a breach were to occur, a vendor must report the breach within 72 hours of discovering the hack. Contractors must go to a special website,, and report the cyber incident using one of the forms on the website.
The DibNET website also provides an information sharing portal, where vendors can talk about trends and discuss insights on keeping the government’s IT systems running safely and securely. The new disclosure rules are expected to impact over 10,000 government contractors.