The Department of Defense has released a Defense Federal Acquisition Regulation Supplement class deviation concerning cybersecurity standards for covered contractor information platforms.
DOD said Thursday the class deviation seeks to provide more time for industry to transition to the National Institute of Standards and Technology’s revised Special Publication 800-171, which addresses the protection of controlled unclassified data in nonfederal information systems.
According to DOD, the class deviation will also provide the department time to align the necessary supporting mechanisms.
The latest DOD document includes definitions of several terms, including controlled technical information, covered defense information and cyber incident, and establishes information security protections that contractors should implement to provide adequate security on all covered contractor information systems.
The department also details cyber incident reporting requirements and offers measures for handling malicious software and accessing additional information needed to conduct a forensic analysis.
John Tenaglia, principal director of defense pricing and contracting at DOD, on Tuesday signed the class deviation, which was issued by the Office of the Undersecretary of Defense for Acquisition and Sustainment.
Join the Potomac Officers Club’s 2024 Cyber Summit on June 6 and hear cyber experts, government and industry leaders discuss the latest trends and the dynamic role of cyber in the public sector. Register here.