April 10, 2017

DoD to Host Industry Information Day on Implementation of Cybersecurity Rules

Holland & Knight Government Contracts Blog
Mary Beth Bosco

The Dec. 31, 2017 deadline for Department of Defense (DoD) contractors to comply with DoD’s cybersecurity and breach reporting requirements is looming. The requirements, which are set forth in DoD’s Oct. 21, 2016, final rule, "Network Penetration Reporting and Contracting for Cloud Services," apply to all contractors – including small businesses – that support DoD contracts and handle controlled unclassified information (CUI).

On June 23, 2017, DoD will host an Industry Information Day, open to all contractors, to brief industry on implementation of the new rules and to address industry feedback. In order to attend, companies need to register at osd.dibcsiaevents@mail.mil by June 12, 2017. Companies can also submit written questions to the same address by May 1, 2017. The public meeting will be held at the Mark Center Auditorium, 4800 Mark Center Drive, Alexandria, Va. 

The DoD Industry Information Day underscores the scope and importance of the cybersecurity rules. By the Dec. 31, 2017 deadline, most DoD contractors will need to have information systems meeting the standards contained in National Institute of Standards and Technology (NIST) Publication 800-171, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations, or an "equally effective" system that must be approved before award. Contractors must additionally implement policies and processes designed to ensure compliance with the rule's 72-hour breach notification deadline. 

DoD contractors who have not already done so will need to review their existing information security policies and procedures to identify and remedy any gaps between their information security systems and the NIST 800-171 standards by the end-of-year implementation deadline.
