(a) To participate in the DIB CS Program, a contractor must own or operate a covered contractor information system and shall execute the standardized FA with the Government (available during the application process), which implements the requirements set forth in §§ 236.5 and 236.6.

(b) In order for DIB CS Program participants to receive classified cyber threat information electronically, the company must be a cleared defense contractor and must:

(1) Have an existing active facility clearance level (FCL) to at least the Secret level in accordance with 32 CFR part 117;

(2) Have or acquire a Communication Security (COMSEC) account in accordance with 32 CFR part 117, which provides procedures and requirements for COMSEC activities;

(3) Have or acquire approved safeguarding for at least Secret information, and continue to qualify under 32 CFR part 117 for retention of its FCL and approved safeguarding; and

(4) Obtain access to DoD's secure voice and data transmission systems supporting the voluntary DIB CS Program.

[89 FR 17749, Mar. 12, 2024]