As we discussed in Part I, federal defense contractors now must comply with new cybersecurity requirements propounded by the National Institute
of Standards and Technology (NIST). The new standards, NIST Special Publication (SP) 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, Revision 2; NIST SP 800-171A, Assessing Security Requirements for Controlled Unclassified Information, issued on June 13, 2018, and the draft of NIST SP 800-171B, Enhanced Security Requirements for Critical Programs and High Value Assets, all provided updates to the manner in which defense contractors hold or should hold covered defense information (CDI). More interestingly, however, was the sense that these new standards were leading to bigger changes in the cybersecurity landscape, and indeed they were.
8.16.2019