The US Department of Defense (DOD) earlier today issued a second interim rule, effective immediately, that gives affected contractors until December 31, 2017, to implement fully compliant cyber security controls.
The cyber security requirements, contained in the National Institute of Standards and Technology (NIST) Special Publication (SP) No. 800-171, were part of a prior interim rule issued in August 2015. Sometimes referred to as the Network Penetration Rule, DOD’s first interim rule had required immediate compliance with NIST SP 800-171 at both the prime and subcontract levels. Although DOD’s second interim rule gives contractors additional time to implement the requirements of NIST SP 800-171, the rule as revised still imposes certain near-term burdens on affected contractors and subcontractors. Read the full article.