Code of Federal Regulations (Last Updated: November 8, 2024) |
Title 32 - National Defense |
Subtitle A - Department of Defense |
Chapter I - Office of the Secretary of Defense |
SubChapter M - Miscellaneous |
Part 236 - Department of Defense (Dod) - Defense Industrial Base (DIB) Cyber Security (Cs) Activities |
§ 236.6 - General provisions of DoD's DIB CS program.
-
§ 236.6 General provisions of DoD's DIB CS program.
Program.
(a) Confidentiality of information that is exchanged under the DIB CS program Program will be protected to the maximum extent authorized by law, regulation, and policy. DoD and DIB CS Program participants each bear responsibility for their own actions under the voluntary DIB CS programProgram.
(b) All DIB CS Program participants may participate in the Department of Homeland Security's Enhanced Cybersecurity Services (ECS) program (httphttps://www.dhscisa.gov/resources-tools/programs/enhanced-cybersecurity-services-ecs).
(c) Participation in the voluntary DIB CS program Program does not obligate the DIB CS Program participant to utilize the GFI in, or otherwise to implement any changes to, its information systems. Any action taken by the DIB CS Program participant based on the GFI or other participation in this program is taken on the DIB CS Program participant's own volition and at its own risk and expense.
(d) A DIB CS Program participant's participation in the voluntary DIB CS program Program is not intended to create any unfair competitive advantage or disadvantage in DoD source selections or competitions, or to provide any other form of unfair preferential treatment, and shall not in any way be represented or interpreted as a Government endorsement or approval of the DIB CS Program participant, its information systems, or its products or services.
(e) The DIB CS Program participant and the Government may each unilaterally limit or discontinue participation in the voluntary DIB CS program Program at any time. Termination shall not relieve the DIB CS Program participant or the Government from obligations to continue to protect against the unauthorized use or disclosure of GFI, attribution information, contractor proprietary information, third-party proprietary information, or any other information exchanged under this program, as required by law, regulation, contract, or the FA.
(f) Upon termination of the FA, change of status as a defense contractor, and/or change of Facility Security Clearance (FCL) status below Secret, GFI must be returned to the Government or destroyed pursuant to direction of, and at the discretion of, the Government.
(g) Participation in these activities does not abrogate the Government's, or the DIB CS Program participants' rights or obligations regarding the handling, safeguarding, sharing, or reporting of information, or regarding any physical, personnel, or other security requirements, as required by law, regulation, policy, or a valid legal contractual obligation. However, participation in the voluntary activities of the DIB CS program Program does not eliminate the requirement for DIB CS Program participants to report cyber incidents in accordance with § 236.4.
[80 FR 59584, Oct. 2, 2015, as amended at 81 FR 68317, Oct. 4, 2016; 89 FR 17748, Mar. 12, 2024]