(a) To participate in the DIB CS program, a contractor must be a CDC and shall:

(1) Have an existing active FCL to at least the Secret level granted under the NISPOM (DoD 5220.22-M); and

(2) Execute the standardized FA with the Government (available during the application process), which implements the requirements set forth in §§236.5 through 236.7, and allows the CDC to select their level of participation in the voluntary DIB CS program.

(3) In order for participating CDCs to receive classified cyber threat information electronically, they must:

(i) Have or acquire a Communication Security (COMSEC) account in accordance with the NISPOM Chapter 9, Section 4 (DoD 5220.22-M), which provides procedures and requirements for COMSEC activities; and

(ii) Have or acquire approved safeguarding for at least Secret information, and continue to qualify under the NISPOM for retention of its FCL and approved safeguarding; and

(iii) Obtain access to DoD's secure voice and data transmission systems supporting the voluntary DIB CS program.

(b) [Reserved]

[80 FR 59584, Oct. 2, 2015, as amended at 81 FR 68317, Oct. 4, 2016]


Tried the LawStack mobile app?

Join thousands and try LawStack mobile for FREE today.

  • Carry the law offline, wherever you go.
  • Download CFR, USC, rules, and state law to your mobile device.