No Post-Thanksgiving Break for Cyber – DoD and NIST Publish New Guidance
Client Alert | 1 min read | 12.01.17
Both the Department of Defense and National Institute of Standards & Technology (NIST) have put pen to paper and provided new information for contractors looking to comply with DFARS 252.204-7012 and its accompanying cybersecurity requirements under NIST Special Publication (SP) 800-171. Earlier this week, the DoD posted guidance explaining that contractors can still use system security plans (SSPs) under the original version of NIST SP 800-171 to “document implementation” under the DFARS Clause, despite that version not including SSPs as a security control requirement. Separately, NIST published a draft of NIST SP 800-171A, Assessing Security Requirements for Controlled Unclassified Information, providing guidance to both contractors and their customers regarding how to conduct assessments under NIST SP 800-171. Importantly, the draft is open to comment through December 27, 2017, providing contractors with a unique opportunity to weigh in on how their customers may ultimately judge compliance with the DFARS Clause’s security requirements.
Contacts
Insights
Client Alert | less than 1 min read | 03.13.24
Crowell Talks Tax: The Inflation Reduction Act's Domestic Content Bonus Credits (VIDEO)
Client Alert | 8 min read | 03.13.24
HHS Finalizes Significant Modifications Aligning Part 2 Regulations with HIPAA
Client Alert | 1 min read | 03.12.24
Client Alert | 3 min read | 03.11.24
DOJ Offers Cash “Carrot” to Whistleblowers; Foreshadows “Stick” of More Corporate Enforcement