Home / Cybersecurity / Report: DoD Says Contractors Must Have ‘System Security Plans’ by Year’s End

Report: DoD Says Contractors Must Have ‘System Security Plans’ by Year’s End

A spokesman for the Defense Department has said defense contractors must have “system security plans” in place by Dec. 31 to comply with the National Institute of Standards and Technology’s federal data protection regulations, Defense One reported Wednesday.

“We are not delaying the deadline,” the DoD spokesman said in an email statement to the publication.

“Contractors must document the state of their information system in a ‘system security plan’ and document how and when they will implement any ‘not yet implemented’ requirements in associated plans of action,” the spokesman added.

NIST’s Special Publication 800-171 requires contractors to protect controlled unclassified data stored and processed in nonfederal information systems as well as comply with 110 security controls.

Ellen Lord, defense undersecretary for acquisition, technology and logistics, also reiterated at a Senate Armed Services Committee hearing that companies should have that plan by the end of this year.

“We said that clearly the only requirement for this year is to lay out what your plan is,” Lord said during the Dec. 7 hearing.

This story was originally published on December 15, 2017. 

Check Also

Allen Hill Named Director of GSA’s Telecom Services Office

Allen Hill, a 20-year veteran of the U.S. Air Force, was appointed director of the Office of Telecommunications Services within the General Services Administration’s Federal Acquisition Service, FCW.com reported Thursday. Hill serves as the deputy director of information technology services at the office of the Department of Education’s chief information officer and will assume his new role on Dec. 23. He worked for CACI International and Verizon prior to his current position.

Leave a Reply

Your email address will not be published. Required fields are marked *