The Defense Department is tightening the cybersecurity standards contractors need to meet in order to do business with the Pentagon.
DoD released a handful of new guidance and memos over the last three months, giving teeth to rules that require companies to shape up their cybersecurity practices or risk losing business.
The policies are based off of a rule DoD tried to implement back in 2013, but realized contractors needed more time to comply. The rule finally took effect at the end of 2017, and companies that want to work with the Pentagon need to make sure they are up to snuff when complying with the National Institute of Standards and Technology Special Publication 800-171.
“DoD wants to get everyone to a certain cybersecurity level,” Susan Cassidy, a partner specializing in defense and procurement at Covington and Burling LLP told Federal News Network. “Now they are tightening up and they are going to make it a performance and award differentiator.”
Cassidy said before an award, DoD’s policy requires companies…
