On October 8, DoD issued a class deviation to the August 26 interim DFARS rule we reported on here which called for contractors working with covered defense information (which includes export-controlled information) to implement security requirements contained in NIST Special Publication (SP) 800-171. The class deviation allows offerors up to nine (9) months, after contract award, to comply with the derived security requirement 3.5.3 “Use multifactor authentication for local and network access to privileged accounts and for network access to non-privileged accounts” within NIST Special Publication (SP) 800-171, “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations”. Offerors must notify the contracting officer is the additional time for compliance will be necessary. A copy of the class deviation is available here.
Register now for your free, tailored, daily legal newsfeed service.
Questions? Please contact firstname.lastname@example.orgRegister
DoD issues class deviation regarding its network penetration rule
International Compliance blog
Popular articles from this firm
If you would like to learn how Lexology can drive your content marketing strategy forward, please email email@example.com.
Related topic hubs
Wal-Mart Stores Inc
"Generally, this service is wonderful. I find that the employment law newsfeeds are extremely helpful and relevant. The quality of the articles is usually quite good. The website provides an avenue for quick research regarding various employment law issues."