From: National Defense Magazine
***
The Pentagon’s current approach for establishing and maintaining contractor compliance with cybersecurity standards is through the contract clause at Defense Federal Acquisition Regulation Supplement 252.204-7012, which as of Dec. 31, 2017, required covered contractors to implement the National Institute of Standards and Technology Special Publication (SP) 800-171, “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations.” Importantly, contractors “self-attest” to meeting those requirements, which is often a difficult assessment.
As the Defense Department warns in its guidance accompanying these requirements, however, “[u]ltimately, it is the contractor’s responsibility to determine whether it is has implemented the NIST SP 800-171 (as well as any other security measures necessary to provide adequate security for covered defense information).”
Leave a Reply