Cyber incident reporting requirements appear to apply only to CUI that is marked by the government or should be marked by contractors pursuant to clear government instructions in contract, in order to assist contractors in their efforts to comply with the reporting requirements.
Protection of Reports/Info Received from Industry
The guidance does not address how the Government should protect proprietary and attribution information shared by contractors and subcontractors that report cyber incidents. Appropriate restrictions and parameters should be detailed to protect unauthorized use or disclosure of such information.
Cyber incident reporting requirements appear to apply only to CUI that is marked by the government or should be marked by contractors pursuant to clear government instructions in contract, in order to assist contractors in their efforts to comply with the reporting requirements. Protection of Reports/Info Received from Industry The guidance does not address how the Government should protect proprietary and attribution information shared by contractors and subcontractors that report cyber incidents. Appropriate restrictions and parameters should be detailed to protect unauthorized use or disclosure of such information.