The Department of Defense has issued a final rule that seeks to firm up revisions to the eligibility criteria for the Defense Industrial Base Cybersecurity Program as part of efforts to improve program participation and enable defense contractors to benefit from bilateral information sharing.
The rule will take effect on April 11, according to a notice published Tuesday in the Federal Register.
The department solicited comments on the proposed rule in May 2023 and received four submissions.
One of the commenters suggested that DOD should launch a targeted marketing campaign to help small businesses explain the purpose of a medium assurance certificate, which is used to validate digital identity and facilitate the exchange of encrypted data.
DOD considered and moved to modify the requirement for industry to secure the certificate.
According to the rule, the department has proposed a revision that would require registration with the Procurement Integrated Enterprise Environment when filing mandatory cyber incident reports.
“This change will align the identity proofing processes used by DoD for the majority of DIB companies and will eliminate the cost associated with procuring medium assurance certificates,” the rule states.
The department will continue to accept medium assurance certificates to meet identity proofing requirements, according to the document.
For readability, DOD said it has finalized proposed changes to some definitions, including that of government-furnished information and DIB CS Program participants.
“With the revisions to the eligibility criteria, the Department will be able to reduce the impact of cyber threat activity on DIB networks and information systems and, in turn, preserve its technological advantage and protect DoD information and warfighting capabilities,” the rule reads.
Join the Potomac Officers Club’s 2024 Cyber Summit on June 6 and hear cyber experts, government and industry leaders discuss the latest trends and the dynamic role of cyber in the public sector. Register here.
