There are several helpful resources for contractors looking to comply with the National Institute of Standards and Technologies Special Publication 800-171, “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations.” To help contractors meet the requirements, NIST recently issued NIST Handbook 162, entitled “NIST MEP Cybersecurity Self-Assessment Handbook For Assessing NIST SP 800-171 Security Requirements in Response to DFARS Cybersecurity Requirements.” The Handbook provides a step-by-step guide to assessing a manufacturer’s information systems against the security requirements in … Read More
Ohio is poised to lead the nation by incentivizing businesses to implement certain cybersecurity controls, which can be an affirmative defense to a data breach claim based on negligence. Under the proposed legislation, if a business is sued for negligently failing to implement reasonable information security controls resulting in a data breach, the business can assert its compliance with the cybersecurity control as an affirmative defense at trial.
For years we have counseled our clients to implement a comprehensive data … Read More
The Network Penetration Reporting and Contracting for Cloud Services Rule was the subject of two interim rules published Aug. 26, 2015 (80 FR 51739) and Dec. 30, 2015 (80 FR 81472), before being published as a final rule Oct. 21, 2016 (81 FR 72986), and clarified by DoD through answers to Frequently Asked Questions (FAQs), published Jan. 27, 2017.
The new DoD cybersecurity regulations require contractors to implement the security requirements specified by the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations,” not later than Dec. 31, 2017. DFARS, 252.204-7008(c)(1).
However, a contractor may propose to vary from the NIST SP 800-171 requirements under two circumstances. Under DFARS 252.204-7008(c)(2), a contractor may propose to vary from the security requirements specified by NIST SP 800-171 through a … Read More