The General Services Administration has introduced a proposed rule that would direct civilian contractors to comply with a National Institute of Standards and Technology framework that aims to protect controlled unclassified information in nonfederal data systems, Federal News Radio reported Monday.
GSA will seek public comments on the proposed rule between April and June 2018.
NIST’s Special Publication 800-171 took effect at the end of 2017 and requires contractors, federal grant recipients, state governments and other nonfederal entities to safeguard CUI data.
The Defense Department originally required contractors to comply with the NIST framework by Jan. 1, but instead directed companies to have “system security plans†in place by the end of December 2017 to meet the standards.
