DoD’s Cybersecurity Rule Will Expand Assessments of Defense Industry to Safeguard Unclassified Information, Raising New Implementation Issues
The U.S. Department of Defense (DoD) has issued a long-awaited interim rule to safeguard unclassified information in the possession of defense contractors by making periodic assessments of a company's cybersecurity compliance a condition of eligibility for a contract award.
DoD's interim rule was published in the Federal Register on September 29, 2020, and will take effect November 30, 2020, subject to becoming final later after receipt of comments. DoD's decision to implement the rule before it becomes final—citing the need for urgency—unfortunately limits the opportunity for DoD to receive input.