UPDATE: DoD Cybersecurity Rules Expand Contractors’ and Other DoD Awardees’ Obligations to Safeguard Sensitive Data and Report Cyber Incidents

Orrick, Herrington & Sutcliffe LLP
Contact

Orrick, Herrington & Sutcliffe LLP

On December 30, 2015, DoD published an interim rule, effective immediately, amending portions of the August Rule. Most importantly, pursuant to the new rule, contractors administering covered information systems that are not being operated on behalf of the government now have until December 31, 2017 to implement the new NIST SP 800-171 standards. Previously, through a class deviation, contractors were given an additional nine months after contract award to comply with the multifactor authentication provisions of NIST SP 800-171. The new December 31, 2017 deadline gives contractors significantly more time to implement all of the requirements of NIST SP 800-171.

Additionally, the interim rule provides that contractors must notify the DoD Chief Information Officer (CIO) via email within 30 days of contract award of any NIST SP 800-171 requirements not implemented at the time of the contract award. Finally, the new rule provides that the security and reporting requirements of the August Rule must flow down to subcontractors only when those subcontractors are dealing with CDI or providing operationally critical support.

This client alert is an update to an alert initially circulated on December 1, 2015. To view the original alert, please click here.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Orrick, Herrington & Sutcliffe LLP | Attorney Advertising

Written by:

Orrick, Herrington & Sutcliffe LLP
Contact
more
less

Orrick, Herrington & Sutcliffe LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide