If you are a contractor or subcontractor that handles controlled unclassified information (CUI), the deadline for implementing security requirements under DFARS § 252.204-7000 (and following sections) and NIST SP 800-171 is December 31, 2017.
The U.S. Department of Defense (DoD) has issued a revised Cybersecurity Discipline Implementation Plan. The previous version of the plan was issued in October 2015; the latest edition was released in February 2016.
On December 30, 2015, the U.S. Department of Defense issued a new interim rule about implementing a previously issued interim rule about cyber security. The new interim rule gives government contractors and subcontractors more time to implement security requirements.
On October 30, the U.S. Department of Defense (DoD) issued a final rule governing supply-chain risk and government procurement. This final rule replaces the interim rule issued on November 28, 2013.
On August 26, 2015, the U.S. Department of Defense (DoD) issued an interim rule that affects almost all government contractors. The interim rule requires government contractors to report “cyber incidents” that result in real or actual adverse effects on contractor information systems. The rule went into effect immediately.