The Defense Department has released a draft regulation that seeks to amend the Defense Federal Acquisition Regulation Supplement in an effort to provide additional time for contractors to comply with the National Institute of Standards and Technology’s security requirements for cloud services.
DoD said in a Dec. 30, 2015 notice posted on Federal Register that defense contractors have until Dec. 31, 2017 to comply with security provisions stipulated in NIST’s Special Publication 800-171.
The NIST publication contains requirements for contractors on how to protect sensitive data stored in contractors’ information networks and systems.
The department will also require contractors to inform DoD’s chief information officer of any NIST provisions that were not implemented within one month of contract award, according to the interim rule.
Comments on the proposed rule are due Feb. 29, according to the notice.