Our October 16, 2015 blog discussed DOD’s cybersecurity regulatory changes. This blog updates that information.
After issuing its earlier rule, the DOD has issued a new interim rule delaying most compliance implementation until December 31, 2017. This is apparently in recognition of the difficulties and expense associated with implementation as noted in our earlier blog.
In that same vein, the interim rule amends flowdown requirements to limit subcontractor coverage to those providing “operationally critical support.” But, although most compliance implementation is delayed, informing DOD of certain cybersecurity shortcoming at the time of awards remains a current requirement.