On October 21, 2016, the Department of Defense (DoD) issued its long-awaited Final Rule — effective immediately — imposing safeguarding and cyber incident reporting obligations on defense contractors whose information systems process, store, or transmit covered defense information (CDI).
The Final Rule has been years in the making and is the culmination of an initial rule issued in November 2013, two interim rules published in August 2015 and December 2015, and years of comments and experience by DoD and its contractors. The new Rule materially alters the predecessor rule in a number of respects and clarifies several important issues relating to contracting for cloud computing services.
To see key substantive changes in the final rule, click this link: https://www.insidegovernmentcontracts.com/2016/10/cybersecurity-update-dod-releases-long-awaited-final-rule/
To see a full analysis of the new Rule by Covington & Burling, LLP, click this link: https://www.cov.com/-/media/files/corporate/publications/2016/10/department_of_defense_issues_final_rule-network_penetration_reporting_and_contracting_for_cloud_services.pdf