The Department of Defense (DOD) earlier today issued an interim rule, effective immediately, that significantly increases existing cybersecurity requirements for DOD contractors. The requirements in the interim rule, available here, have broad applicability to DOD contractors at both the prime and subcontract levels, including commercial item and small business contractors. Contractors can expect these requirements to begin showing up in new DOD contracts immediately and should begin taking steps to ensure compliance.
The interim rule contains a number of new and revised DOD cybersecurity requirements. The key issues are summarized below.
Scope of the DOD requirements
The interim rule significantly expands the scope of the prior unclassified c...