 |
Code of Federal Regulations (Last Updated: July 5, 2024) |
 |
Title 32 - National Defense |
|
Subtitle A - Department of Defense |
|
Chapter I - Office of the Secretary of Defense |
|
SubChapter M - Miscellaneous |
|
Part 236 - Department of Defense (Dod) - Defense Industrial Base (DIB) Cyber Security (Cs) Activities |
§ 236.7 - DoD's DIB CS program requirements.
-
§ 236.7 DoD's DIB CS program Program requirements.
(a) To participate in the DIB CS programProgram, a contractor must be a CDC and shall:
(2) Execute the(1) Have an existing active FCL to at least the Secret level granted under the NISPOM (DoD 5220.22-M); and
own or operate a covered contractor information system and shall execute the standardized FA with the Government (available during the application process), which implements the requirements set forth in §§ 236.5
throughand 236.
7, and allows the CDC to select their level of participation in the voluntary DIB CS program6.
3(
participating CDCsb) In order for
they mustDIB CS Program participants to receive classified cyber threat information electronically,
ithe company must be a cleared defense contractor and must:
(
the NISPOM Chapter 9, Section 4 (DoD 5220.22-M),1) Have an existing active facility clearance level (FCL) to at least the Secret level in accordance with 32 CFR part 117;
(2) Have or acquire a Communication Security (COMSEC) account in accordance with
and32 CFR part 117, which provides procedures and requirements for COMSEC activities;
ii(
the NISPOM3) Have or acquire approved safeguarding for at least Secret information, and continue to qualify under
iii32 CFR part 117 for retention of its FCL and approved safeguarding; and
(
program4) Obtain access to DoD's secure voice and data transmission systems supporting the voluntary DIB CS
Program.
(b) [Reserved]
[80 FR 59584, Oct. 2, 2015, as amended at 81 FR 68317, Oct. 4, 2016[89 FR 17749, Mar. 12, 2024]