Report: GSA’s Proposed Rule to Require Compliance With NIST’s Federal Data Protection Framework

The General Services Administration has introduced a proposed rule that would direct civilian contractors to comply with a National Institute of Standards and Technology framework that aims to protect controlled unclassified information in nonfederal data systems, Federal News Radio reported Monday.

GSA will seek public comments on the proposed rule between April and June 2018.

NIST’s Special Publication 800-171 took effect at the end of 2017 and requires contractors, federal grant recipients, state governments and other nonfederal entities to safeguard CUI data.

The Defense Department originally required contractors to comply with the NIST framework by Jan. 1, but instead directed companies to have “system security plans” in place by the end of December 2017 to meet the standards.

Check Also


NSA Warns of Cyber Vulnerability in Email Transfer Software

The National Security Agency has identified a vulnerability that Russian cyber actors take advantage of to attack mail transfer networks. Sandworm Team, a Russian military group, has exploited the CVE-2019-10149 vulnerability found in the Exim software that Linux and Unix systems use as a mail transfer agent, NSA said Thursday.

Leave a Reply

Your email address will not be published. Required fields are marked *