Navigating Defense Department Cyber Rules
Defense contractors by Dec. 31 are expected to provide "adequate security" to protect "covered defense information" using cyber safeguards.
This obligation arises from a Defense Acquisition Regulation System Supplement clause, "Network Penetration Reporting and Contracting For Cloud Services," that was finalized last October and described in the National Institute of Standards and Technology (NIST) Special Publication 800-171. Thousands of companies who sell directly to the Defense Department, and thousands more who sell to its suppliers, are or will be, subject to the rule.
Continue reading at: