Looming Deadline for Cybersecurity Regulations – December 31, 2017: DFARS Subpart 204.73 & DFARS 252.204-7012.

The Anneal Initiative team just returned from the Wichita Cyber Security Forum where professionals convened to learn, share, and discuss the importance of cybersecurity.

While at the conference, we provided training on the latest Department of Defense cybersecurity regulation that will impact non-federal entities contracting with them (often referred to as DFARS Subpart 204.73 or DFARS 252.204-7012). These regulations impact contractors, subcontractors, universities and state agencies – basically any entity that handles sensitive, unclassified government data. Check out the Controlled Unclassified Information (CUI) registry to assess if any information you handle could be considered CUI here. A lot of unexpected items are actually considered CUI, and even if a contract doesn’t begin with any CUI, entities might develop it during the course of executing a contract.

For more information on this regulation, check out our PowerPoint presentation here. We built this presentation for a 45 minutes conference breakout session, so it definitely does not include every detail of what you need to know regarding the DoD regulation, but we have tried to break this down for those of you who likely do not have the time to do it yourselves. One of the main items non-federal entities need to tackle to become compliant with DFARS Subpart 204.73 is a System Security Plan per the standards established in NIST SP 800-171. Anneal Initiative can be your partner in reaching DFARS Subpart 204.73 compliance.

The deadline for compliance is December 31, 2017! If you have questions or concerns about your own need to be DFARS 204.73 compliant or build a System Security Plan, email us at cyber@annealinitiative.com or check out our website at annealinitiative.com.

For other agencies impacted by cybersecurity regulation changes, more to follow…