securitThe Defense Department has given contractors two years to meet new requirements for securing sensitive DoD data on non-Federal IT systems, responding to industry concerns over moving too quickly to the new standards.
The New Defense Federal Acquisition Regulation Supplements (DFARS) were supposed to go into effect Dec. 31. But DoD backed off its initial plan after industry objections surfaced last fall.
The new DFARS was published in August 2015 to reflect the “urgent need to increase the cyber security requirements” on information held by contractors, said DOD spokeswoman Lt. Col. Valerie Henderson.
The new rules require contractors to comply with National Institute of Standards (NIST) Special Publication 800.171 to protect Controlled Unclassified Information (CUI).
The 77-page document establishes a streamlined set of controls drawn from the much larger Special Publication 800-53, a 462-page catalog of NIST security controls developed for federal IT systems.
Keep reading this article at: https://www.govtechworks.com/protecting-sensitive-government-info-on-contractor-networks