DoD said in a Dec. 30, 2015 notice posted on Federal Register that defense contractors have until Dec. 31, 2017 to comply with security provisions stipulated in NISTâs Special Publication 800-171.
The NIST publication contains requirements for contractors on how to protect sensitive data stored in contractorsâ information networks and systems.
The department will also require contractors to inform DoDâs chief information officer of any NIST provisions that were not implemented within one month of contract award, according to the interim rule.
Comments on the proposed rule are due Feb. 29, according to the notice.