DoD established new cybersecurity regulations for contractors Dec. 31, 2017

On Dec. 31, 2017, the Department of Defense (DoD) established new cybersecurity regulations for contractors. Contractors must meet these new standards or risk losing DoD contracts.

In general, contractors must assess their information systems, develop a security plan and create an action plan to deal with cyber threats.

These security controls must be implemented at both the contractor and subcontractor levels. In particular, the new regulations require contractors to:

  • Assess and report damage caused by cyber incidents
  • Identify, isolate and handle malicious software
  • Preserve and protect all media involved in a cyber incident
  • Provide DoD with access to information or equipment
  • Ensure all subcontractors comply with these requirements

In response, the Georgia Tech Procurement Assistance Center produced a 20-minute video explaining step by step how contractors can achieve compliance. The Georgia Tech PTAC site also features a cybersecurity self-assessment handbook; official DoD and National Institute of Standards and Technology regulations; and a template to help create a security assessment report and system security plan.

For further assistance complying with DoD’s cybersecurity requirements, please contact a MO PTAC procurement counselor.

Video and template funded through a cooperative agreement with the Defense Logistics Agency and created with the support of the Georgia Institute of Technology. The content of the video presentation does not necessarily reflect the official views of or imply endorsement by the U.S. Department of Defense, the Defense Logistics Agency or Georgia Tech.