On 29 September 2020, the Department of Defense (DoD) issued an interim rule amending the Defense Federal Acquisition Regulation Supplement (DFARS), Assessing Contractor Implementation of Cybersecurity Requirements (DFARS Case 2019–D041), 85 Fed. Reg. 61,505 (29 September 2020), available here. The interim rule establishes a two-pronged approach to assess and verify the Defense Industrial Base’s (DIB) ability to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) on contractor information systems or networks based on:
- The National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 DoD Assessment Methodology; and
- The Cybersecurity Maturity Model Certification (CMMC) framework.
Read More: Aerospace and Defense Insights | New Department of Defense rules significantly heighten cybersecurity compliance requirements
Authored by Stacy Hadeka, Michael Scheimer, and Michael F Mason.