On December 30, 2015, the Department of Defense
("DOD") revised the Defense Federal Acquisition
Regulations Supplement ("DFARS") interim rule on required
cybersecurity measures for defense contractors. As published in
August 2015, the revised DFARS clause 252.204-7012 required
contractors to provide "Adequate Security" for Covered
Defense Information by implementing the security requirements of
the NIST Special Publication 800-171, "Protecting Controlled
Unclassified Information in Nonfederal Information Systems and
Organizations." After publishing that rule, the DOD issued a
class deviation allowing contractors up to nine months for
implementation of security requirements. The December 30, 2015,
Interim Rule gives contractors additional time to implement the
requirements of NIST SP 800-171 and incorporates a number of
changes that will affect contractors' cybersecurity compliance
policies. For further discussion on the revised DFARS interim
rule, see the
Jones Day Alert.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.