Federal Times reports that thousands of military contractors would face new requirements for protecting unclassified information from cyber attack, under a draft rule published Wednesday in the Federal Register.

The proposed regulation would create two layers of safeguards on unclassified Defense Department records not cleared for public release that are either provided by DoD to the contractor or else developed by the contractor on the department’s behalf:

• Basic safeguards would bar contractors from accessing the information on public computers — such as those in hotel business centers — or posting it on publicly accessible websites.

• Enhanced safeguards would require contractors to “at a minimum” follow numerous security recommendations from the National Institute of Standards and Technology when working with records such as those deemed “For Official Use Only” or considered critical to the success of a particular mission. If not following those recommendations, contractors would have explain why that level of security is not needed or offer an alternative.

An estimated 76 percent of some 64,400 small businesses awarded defense contracts last year would have to furnish enhanced security, the proposed rule said. But information security costs typically amount to about 0.5 percent of small businesses’ revenues, the Defense Department added, and are less for larger companies.

If you would like to provide comments on this rule, please email us your opinion and the Coalition will submit comments to the draft rule.