Pentagon delays cyber contracting requirements
In the face of industry resistance, the Department of Defense has delayed until the end of 2017 a key set of requirements for contractors to show they can protect sensitive but unclassified information from hackers.
The Pentagon in August issued an interim acquisition rule ordering contractors to adopt a National Institute of Standards and Technology standard with a slew of security requirements around access control and configuration management. Contractors said they needed more time to switch from one NIST standard to another, and the Pentagon yielded after a mid-December meeting with industry representatives. The department on Dec. 30 issued an updated interim rule announcing the delay.