DoD Publishes Organization-Defined Parameters for NIST SP 800-171 Rev. 3

The U.S. Department of Defense (DoD) has put forward a significant memorandum outlining new cybersecurity compliance requirements for defence contractors. This document establishes “organization-defined parameters” (ODPs) to prepare for the adoption of NIST SP 800-171 Revision 3. This upcoming standard will reshape compliance expectations under various regulations including DFARS 252.204-7012.


Key Points

  • The DoD’s memorandum calls for defence contractors to adopt NIST SP 800-171 Rev. 3 as the minimum cybersecurity standard.
  • Compliance is currently governed by Rev. 2, which will remain in effect until Rev. 3 is formally implemented.
  • Important changes in Rev. 3 include updated security requirements aligned with NIST SP 800-53, enhancing clarity and flexibility.
  • Organisation-defined parameters (ODPs) are introduced, allowing contractors to tailor security requirements flexibly.
  • Contractors should prepare for transitioning to Rev. 3 and update their security documentation accordingly.

Why should I read this?

If you’re in the defence contracting space, this is crucial reading! DoD’s shift to new cybersecurity standards, especially the introduction of ODPs, will significantly affect how you manage compliance. Get ahead of the curve by understanding these upcoming changes now, instead of scrambling later when the rules change. We’ve done the legwork for you—dive into the details for a clearer picture of what’s coming!
