If you are a contractor or subcontractor that handles controlled unclassified information (CUI), the deadline for implementing security requirements under DFARS § 252.204-7000 (and following sections) and NIST SP 800-171 is December 31, 2017.
On September 21, 2017, the U.S. Department of Defense issued guidance to procurement officers about their responsibilities under these provisions. We recommend that contractors review this guidance to help them prepare for compliance with the regulations.
DFARS § 252.204-7000 refers to the Defense Federal Acquisitions Regulations Supplement § 252.204-700, also cited as 48 C.F.R. § 252.204-7000. There are several other regulations in this sequence related to this issue. These regulations were adopted on October 21, 2016 when a final rule was published in the Federal Register (82 F.R. 72986).
NIST SP 800-171 refers to National Institute of Standards and Technology Special Publication entitled “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations.”
For more information about controlled unclassified information, see our previous post:
Items on this web page are general in nature. They cannot—and should not—replace consultation with a competent legal professional. Nothing on this web page should be considered rendering legal advice.