A spokesman for the Defense Department has said defense contractors must have âsystem security plansâ in place by Dec. 31 to comply with the National Institute of Standards and Technologyâs federal data protection regulations, Defense One reported Wednesday.
âWe are not delaying the deadline,âÂ the DoD spokesman said in an email statement to the publication.
âContractors must document the state of their information system in a âsystem security planâ and document how and when they will implement any ânot yet implementedâ requirements in associated plans ofÂ action,â the spokesman added.
NISTâsÂ Special Publication 800-171Â requires contractors to protect controlled unclassified data stored and processed in nonfederal information systems as well as comply with 110 security controls.
Ellen Lord, defense undersecretary for acquisition, technology and logistics, also reiterated at a Senate Armed ServicesÂ Committee hearing that companies should have that plan by the end of this year.
âWe said that clearly the only requirement for this year is to lay out what your plan is,âÂ Lord said during the Dec. 7 hearing.
This story was originally published on December 15, 2017.Â