The Defense Department has issued an interim rule that amends a provision in the Defense Federal Acquisition Regulation Supplement to enable contractors to implement National Institute of Standards and Technology security requirements through Dec. 31, 2017.
A notice posted Wednesday on the Federal Register indicated that the extension is in response to industry feedback on another DFARS interim rule issued in August.
The initial interim rule covered vendor compliance with cloud security requirements under NIST Special Publication 800-171 to safeguard defense information on contractor systems.
This latest interim rule also requires vendors to report unmet NIST SP 800-171 requirements to the DoD chief information officer within 30 days of the contract award.
According to the notice, public comments to the interim rule are due Feb. 29.
