NIST SP 800-171

UPDATE: DoD Cybersecurity Rules Expand Contractors’ and Other DoD Awardees’ Obligations to Safeguard Sensitive Data and Report Cyber Incidents

data privacy

On December 30, 2015, DoD published an interim rule, effective immediately, amending portions of the August Rule. Most importantly, pursuant to the new rule, contractors administering covered information systems that are not being operated on behalf of the government now have until December 31, 2017 to implement the new NIST SP 800-171 standards. Previously, through a class deviation, contractors were given an additional nine months after contract award to comply with the multifactor authentication provisions of NIST SP 800-171. The new December 31, 2017 deadline gives contractors significantly more time to implement all of the requirements of NIST SP 800-171.