By the end of 2017, government contractors and subcontractors will have to comply with regulations safeguarding unclassified Covered Defense Information (CDI) or they will lose their federal contracts.
The Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7008 and 252.204-7012 are part of the U.S. government’s heightened focus on cybersecurity threats. As a result, there are 109 controls issued by the National Institute of Standards and Technology (NIST)’s Special Publication, SP 800-171, that must be implemented by contractors by end of year.
Protected information includes technical, administrative, or operational unclassified information from the Department of Defense (DoD) regarding employment contracts.
Many companies, especially small businesses, may find it difficult to meet the rigors of these new statutes. Staffing agencies and their clients can check the DoD’s FAQ on DFARS for more information on the rules and how to implement them.