The Defense Contract Management Agency has Begun a Monthly Cyber Report on Violations of “Standard Mandatory Notice and Consent Provision for all DoD Information System User Agreements”

By: Christine V. Williams on 03/10/2018

In a quickly changing landscape of cyber security, the Defense Contract Management Agency (“DCMA”) has begun a monthly report on cyber violations for personnel that have violated the Department of Defense’s (“DOD”) “Standard Mandatory Notice and Consent Provision for all DoD Information System User Agreements.”  The violations are listed from low to high with the severity of the actions taken against the violator commensurate with the violation.  This grading system is explained further on the DCMA website.  http://www.dcma.mil/News/Article-View/Article/1452302/cybersecurity-grading-scale-lists-violations-severity/

The DOD’s standard information system user agreements seems straightforward and understandable for a complex Government publication.  It seems to take the vast majority of guidelines that have been issued and boil them down to assist employees to understand protocols and what could constitute or lead to a cyber breach.  While it may take a little work for those unfamiliar with some of the cyber terms to become versed in them, when that work is done, the policy really begins to make sense.  A company could tailor and emulate it when it comes to its own cyber protocol and processes.  To me, if a contractor follows a system similar to the Government or tailors it to its own cyber needs, I would argue this could be a mitigating factor in any Governmental action on a breach.  That user guide may be found here.  http://www.dcma.mil/user-agreement/