The Department of Defense (“DOD”) has once again delayed the promulgation of regulations requiring DOD contractors to rapidly report data breaches and allowing DOD to access the contractor’s equipment to conduct a forensic analysis. The National Defense Authorization Act for Fiscal Year 2013 originally required an ad hoc committee to provide a report to the Defense Acquisition Regulations Council in March 2013. The new deadline for the report is October 15. The report is a prerequisite for the development of the proposed regulations and their subsequent publication in the Federal Register for comment. As a result, it is unclear exactly when contractors can expect to be subjected to the rapid reporting requirements.
These delays may also impact the promulgation of similar regulations for intelligence community contractors. The 2014 Intelligence Authorization Act required the Director of National Intelligence to promulgate similar regulations, the deadline for which is October 5. DOD’s significant delays raise questions as to whether the regulations for the intelligence community contractors will meet this deadline.