Skip to Content


Defense Federal Acquisition Regulation Supplement: Network Penetration Reporting and Contracting for Cloud Services (DFARS Case 2013-D018)

Document Details

Information about this document as published in the Federal Register.

Document Statistics
Document page views are updated periodically throughout the day and are cumulative counts for this document including its time on Public Inspection. Counts are subject to sampling, reprocessing and revision (up or down) throughout the day.
Enhanced Content

Relevant information about this document from provides additional context. This information is not part of the official Federal Register document.

Published Document

This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.

Start Preamble


Defense Acquisition Regulations System, Department of Defense (DoD).


Interim rule; extension of comment period.


DoD issued an interim rule (DFARS Case 2013-D018) on August 26, 2015, amending the Defense Federal Acquisition Regulation Supplement (DFARS) to implement a section of the National Defense Authorization Act for Fiscal Year 2013 and a section of the National Defense Authorization Act for Fiscal Year 2015, both of which require contractor reporting on network penetrations. The comment period on the interim rule is being extended to November 20, 2015.


For the interim rule published on August 26, 2015 (80 FR 51739), submit comments by November 20, 2015.


Submit comments identified by DFARS Case 2013-D018, using any of the following methods:Start Printed Page 63929 Submit comments via the Federal eRulemaking portal by entering “DFARS Case 2013-D018” under the heading “Enter keyword or ID” and selecting “Search.” Select the link “Submit a Comment” that corresponds with “DFARS Case 2013-D018.” Follow the instructions provided at the “Submit a Comment” screen. Please include your name, company name (if any), and “DFARS Case 2013-D018” on your attached document.

Email: Include DFARS Case 2013-D018 in the subject line of the message.

Fax: 571-372-6094.

Mail: Defense Acquisition Regulations System, Attn: Mr. Dustin Pitsch, OUSD(AT&L)DPAP/DARS, Room 3B855, 3060 Defense Pentagon, Washington, DC 20301-3060.

Comments received generally will be posted without change to, including any personal information provided. To confirm receipt of your comment(s), please check, approximately two to three days after submission to verify posting (except allow 30 days for posting of comments submitted by mail).

Start Further Info


Mr. Dustin Pitsch, telephone 571-372-6090.

End Further Info End Preamble Start Supplemental Information


I. Background

On August 26, 2015, DoD published an interim rule (DFARS Case 2013-D018) in the Federal Register at 80 FR 51739 revising the DFARS to implement section 941 of the National Defense Authorization Act (NDAA) for Fiscal Year (FY) 2013 (Pub. L. 112-239) and section 1632 of the NDAA for FY 2015 (Pub. L. 113-291). Section 941 requires cleared defense contractors to report penetrations of networks and information systems and allows DoD personnel access to equipment and information to assess the impact of reported penetrations. Section 1632 requires that a contractor designated as operationally critical must report each time a cyber incident occurs on that contractor's network or information systems. This rule also implements DoD policies and procedures for use when contracting for cloud computing services.

The due date for comments on the interim rule (DFARS Case 2013-D018) is being extended from October 26, 2015 to November 20, 2015, to provide additional time for interested parties to submit comments on the interim rule.

Start List of Subjects

List of Subjects in 48 CFR Parts 202, 204, 212, 239, and 252

  • Government procurement
End List of Subjects Start Signature

Jennifer L. Hawes,

Editor, Defense Acquisition Regulations System.

End Signature End Supplemental Information

[FR Doc. 2015-26887 Filed 10-21-15; 8:45 am]