On March 12, 2024, the Department of Defense (DoD) published a final rule, revising the eligibility criteria for the voluntary DoD Defense Industrial Base (DIB) Cybersecurity (CS) Activities Program. The intent of the rule is to permit all defense contractors that own or operate unclassified information systems that process, store, or transmit covered defense information to participate in the program. Previously, only cleared contractors were permitted to participate in the sharing of this information. The final rule also amends identity proofing requirements by eliminating the need to obtain a medium security certificate to participate in either the voluntary or mandatory reporting regimes. The rule will take effect on April 11, 2024, and DoD anticipates a significant increase in contractor participation.
Additional information about the rule is outlined below.Continue Reading DoD Expands Contractor Cybersecurity Information Sharing Program