On August 26, 2015, the Department of Defense put into effect an interim rule that expands cybersecurity regulations governing defense contractor information systems that store, process, or transmit “covered defense information” (CDI) in connection with a defense contract. The definition for CDI now encompasses a broader category of data than “unclassified controlled technical information,” the term used in prior regulations. Among other things, the interim rule requires that all defense contractors provide “adequate security” for CDI. Defense contractors must also fully investigate and report any cyber incidents affecting contractor information systems with CDI.