On August 26, 2015, the U.S. Department of Defense (DoD) issued an interim rule that affects almost all government contractors. The interim rule requires government contractors to report “cyber incidents” that result in real or actual adverse effects on contractor information systems. The rule went into effect immediately.

If you are a government contractor that must maintain an information system for the government under a contract, you will want to take note of a recent document issued by the National Institute of Standards and Technology (NIST) of the U.S. Department of Commerce: “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations,” NIST Special Publication 800-171.