|
Federal Market Intelligence for Small Business |
|
|
|
|
DOD delays cyber requirementsThe Defense Department is delaying for nearly two years most of its recent requirements for contractors to show they can protect sensitive but unclassified information from cyberattacks. The new deadline is Dec. 31, 2017. The requirements also apply to subcontractors, which includes many small businesses. Bloomberg estimated that up to 10,000 companies would be affected. Pentagon officials said they got feedback from contractors that it would be difficult to fully comply with the new rules, so the deadline for a portion of the rules was extended. In August 2015, DOD published an interim rule effective immediately saying contractors must report cyber breaches, follow cloud computing protocols and comply with the National Institute of Standards and Technology’s Publication 800-171 cyber requirements for “covered” defense industry information. The NIST publication consists of dozens of security protocols involving mostly access controls and configuration management. Industry pushed back, and Pentagon officials issued an amended interim rule in December to roll back the implementation of the NIST standards to the end of 2017. Comments are due by Feb. 29. Mandatory reporting of cyber breaches remains in effect. Contractors who have not implemented all the NIST standards must notify the DOD Chief Information Officer within 30 days of award, via email, according to an analysis by Wiley Rein LLP. The company also must agree to implement the NIST standards at a later date, or else get a DOD CIO representative’s OK for equivalent protections.
More information: Federal Register notice: https://goo.gl/uyXcqI
|
|
Copyright © 2016 Business Research Services Inc. 301-229-5561 All rights reserved.