On December 30, 2015, the U.S. Department of Defense issued a new interim rule about implementing a previously issued interim rule about cyber security. The new interim rule gives government contractors and subcontractors more time to implement security requirements.
The first interim rule, issued in August 2015, required immediate implementation of reporting requirements for “cyber incidents” as required by National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171. Contractors will now be given until December 31, 2017, to implement these requirements. In addition, some of the “flowdown” requirements for subcontractors have been reduced.
See previous posts for more information:
- DoD issues interim rule about computer security that affects all government contractors.
- The writing is on the wall for controlled unclassified information.
Items on this web page are general in nature. They cannot—and should not—replace consultation with a competent legal professional. Nothing on this web page should be considered rendering legal advice.