The Department of Defense has extended the deadline for federal contractors to implement new cybersecurity requirements until 31 December 2017. The requirements are imposed under the Defense Federal Acquisition Regulation Supplement. The interim rule which extended the deadline also provides that contractors must notify the Department of Defense Chief Information Office of any security requirements that are not implemented at the time the contract is awarded. This notification must be made within 30 days of the contract being awarded.

Federal Register (PDF)