via Fierce Government IT
The Defense Department is extending by 93 days the comment period for a proposed change to the Defense Federal Acquisition Regulation Supplement that would require contractors in possession of unclassified yet nonpublic information to comply with National Institute of Standards and Technology cybersecurity standards. Under the proposed rule, the DoD would set up two standards of cybersecurity that private sector contractors would have to contractually affirm an ability to implement: A “basic” standard for any contractor in possession of nonpublic DoD data, and an “enhanced” standard for other contractors holding anything the DoD considers to be more sensitive than that, yet still not classified.
Comments are now due no later than Nov. 30. Go to the Federal Register notice.
Original article here.