DoD being asked to revisit cybersecurity rules

March 7, 2016

SBA’s advocacy office objects to impact of DoD’s cybersecurity rules on small businesses

Source: The Contracting Education Academy at Georgia Tech, Chuck Schadl, March 2, 2016

A unit of the Small Business Administration (SBA) has filed objections to the Department of Defense’s (DoD) implementation of federal cybersecurity requirements.

SBA’s Office of Advocacy says the rule will impose a significant financial burden on small businesses and could make it more difficult for small businesses to qualify for DoD contract awards.

Background

The federal government’s cybersecurity rules were developed by the National Institute of Standards and Technology (NIST).  Guidelines entitled “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations” (NIST Special Publication 800-171) were created to ensure that sensitive federal information remains confidential when stored in non-federal information systems and by outside organizations like contractors.

NIST’s publication focuses on minimum standards and best practices for 14 different “Security Requirement Families,” including access, incident response, and assessments of information systems and security controls. It provides a detailed list of basic and derived security requirements federal contractors need to employ to meet each of the standards.

DoD is the first agency to move toward implementation of the NIST rules, with other agencies sure to follow.

On August 26, 2015, DoD published a rule amending the Defense Federal Acquisition Regulation Supplement (DFARS). Subsequently, on December 30, 2015, DoD provided notice that both large and small contractors would be given more time – until December 31, 2017 – to comply with the rules. Until that time, however, contractors still would be required to document both their cybersecurity shortcomings and their progress toward full compliance with NIST rules. According to the DFARS, in order to qualify for DoD contracts, businesses would not be allowed to have any security system gaps when full compliance with the NIST guidelines becomes mandatory on December 31, 2017.

Contact your nearest PTAC if you have any questions about implementation of this Executive Order.



 For help with Government Contracting: contact your nearest Procurement Technical Assistance Center (PTAC). Funded through Cooperative Agreements between the U.S. Department of Defense and state and local governments/institutions, PTACs provide free and low-cost assistance in virtually all areas of government contracting.