An interim rule which went into immediate effect when it was released last month by the Department of Defense (DOD), , has changed the way that contractors and suppliers report network penetrations to DOD. It imposes stricter regulations on how contractors can sell cloud computing services to DOD, including how and where they store their data for DOD.
The sudden nature of this interim rule has left IT solutions providers scrambling to understand how this regulation fits into a whole host of other activities governing how a company protects its networks and data while providing cloud computing services to the government. IT providers also want to understand how they are expected to support chain of custody requirements with their suppliers and subcontractors under this interim rule.
The new rule attempts to implement sections of the Fiscal Year (FY) 2013 and FY2015 National Defense Authorization Act (NDAA). However, because of the immediate enforceability and gaps in clarity regarding the new requirements, contractors are unsure whether they are implementing the new contract requirements correctly, and a great deal of confusion has already begun to appear around compliance.
To help clear up the some of the confusion, ITAPS has a public meeting on the new rule so that DOD can answer questions and provide guidance, thereby avoiding the delay that would occur while waiting for the regulations to be finalized.
A meeting like the one ITAPS has would not only help the vendor community better understand how the Pentagon expects them to implement this rule today, it also equips the public with more information, so that the vendor community can provide DOD with important recommendations that improve the rule before it becomes final. Should the request for a public meeting be granted, ITAPS has also requested an additional 30 days to comment on the interim rule. The current public comment period ends on October 26, 2015.
ITAPS has created a list of , which it encourages DOD to address in the suggested public meeting, and which it has included in the letter – without those answers, it remains a difficult task for contractors to understand exactly what DOD wants.