32 CFR 236.6 - General provisions of DoD's DIB CS program.

§ 236.6 General provisions of DoD's DIB CS program.

(a) Confidentiality of information that is exchanged under the DIB CS program will be protected to the maximum extent authorized by law, regulation, and policy. DoD and DIB participants each bear responsibility for their own actions under the voluntary DIB CS program.

(b) All DIB CS participants may participate in the

Department of Homeland Security
's Enhanced Cybersecurity Services (ECS) program (http://www.dhs.gov/enhanced-cybersecurity-services).

(c) Participation in the voluntary DIB CS program does not obligate the DIB participant to utilize the GFI in, or otherwise to implement any changes to, its information systems. Any action taken by the DIB participant based on the GFI or other participation in this program is taken on the DIB participant's own volition and at its own risk and expense.

(d) A DIB participant's participation in the voluntary DIB CS program is not intended to create any unfair competitive advantage or disadvantage in DoD source selections or competitions, or to provide any other form of unfair preferential treatment, and shall not in any way be represented or interpreted as a Government endorsement or approval of the DIB participant, its information systems, or its products or services.

(e) The DIB participant and the Government may each unilaterally limit or discontinue participation in the voluntary DIB CS program at any time. Termination shall not relieve the DIB participant or the Government from obligations to continue to protect against the unauthorized use or disclosure of GFI, attribution information, contractor proprietary information, third-party proprietary information, or any other information exchanged under this program, as required by law, regulation, contract, or the FA.

(f) Upon termination of the FA, and/or change of Facility Security Clearance (FCL) status below Secret, GFI must be returned to the Government or destroyed pursuant to direction of, and at the discretion of, the Government.

(g) Participation in these activities does not abrogate the Government's, or the DIB participants' rights or obligations regarding the handling, safeguarding, sharing, or reporting of information, or regarding any physical, personnel, or other security requirements, as required by law, regulation, policy, or a valid legal contractual obligation. However, participation in the voluntary activities of the DIB CS program does not eliminate the requirement for DIB participants to report cyber incidents in accordance with § 236.4.

[ 80 FR 59584, Oct. 2, 2015, as amended at 81 FR 68317, Oct. 4, 2016]

This is a list of United States Code sections, Statutes at Large, Public Laws, and Presidential Documents, which provide rulemaking authority for this CFR Part.

This list is taken from the Parallel Table of Authorities and Rules provided by GPO [Government Printing Office].

It is not guaranteed to be accurate or up-to-date, though we do refresh the database weekly. More limitations on accuracy are described at the GPO site.

United States Code
U.S. Code: Title 10 - ARMED FORCES

Title 32 published on 02-Nov-2018 03:31

The following are ALL rules, proposed rules, and notices (chronologically) published in the Federal Register relating to 32 CFR Part 236 after this date.

  • 2016-10-04; vol. 81 # 192 - Tuesday, October 4, 2016
    1. 81 FR 68312 - Department of Defense (DoD)'s Defense Industrial Base (DIB) Cybersecurity (CS) Activities
      GPO FDSys XML | Text
      DEPARTMENT OF DEFENSE, Office of the Secretary
      Final rule.
      Effective Date: This rule is effective on November 3, 2016.
      32 CFR Part 236