The threats facing the DoD’s unclassified information have dramatically increased as we provide more services online, digitally store data, and rely on contractors for a variety of information technology services. Recent high-profile incidents involving government information demand that information system security requirements are clearly, effectively, and consistently communicated to both government and industry.

The contents of this “Cybersecurity in Acquisition Regulations” page addresses the DoD’s ongoing efforts  ̶̶ executed in partnership with industry  ̶̶  to improve the nation’s cybersecurity. Specifically, it addresses DoD’s effort to:

• Ensure that unclassified DoD information residing on or transiting through covered contractor networks or information systems is safeguarded from cyber incidents and that any consequences associated with loss of this information are assessed and minimized, and

• Understand when a cyber incident impacts a company’s ability to provide operationally critical support to DoD.

The DoD needs to protect it’s information – whether it resides on the Department’s networks and systems, or on the networks and systems of our partners in industry – so that our capabilities are not exploited, misdirected, countered, or cloned.  Protecting this information will save warfighter lives.  The cyber threat is not going away – we must defend our networks and systems, and the information that resides on them. Cybersecurity is a shared challenge, and we must work together to address it and reduce risk.