• Achieving Cyber-Fitness In 2017: Part 3—Proving Compliance And The Role Of Third-Party Auditors
  • May 3, 2017 | Authors: Melinda R. Biancuzzo; Townsend L. Bourne; John W. Chierichella; Laura E. Jehl
  • Law Firm: Sheppard, Mullin, Richter & Hampton LLP - Washington Office
  • The Department of Defense final rule for safeguarding covered defense information requires contractors to implement the security controls in National Institute of Standards and Technology Special Publication (SP) 800-171 by December 31. See 81 Fed. Reg. 72986 (Oct. 21, 2016); Chierichella, Bourne and Biancuzzo, Feature Comment, “Achieving Cyber-Fitness In 2017: Part 1—Planning For Compliance,” 59 GC ¶ 25. In enacting the final rule, the drafters created “[n]o new oversight paradigm” or certification requirement. 81 Fed. Reg. 72990. More recently, in response to questions from industry on compliance with NIST SP 800-171, DOD stated,