Lloyd J. Austin III Secretary of Defence | Official website
The Office of the Under Secretary of Defense for Acquisition and Sustainment, in collaboration with the Office of the Chief Information Officer, has announced a Defense Federal Acquisition Regulation Supplement (DFARS) class deviation related to cybersecurity standards for covered contractor information systems.
According to the announcement, the class deviation aims to allow the industry a more deliberate transition in anticipation of the upcoming release of the revised National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, titled "Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations."
In addition, the deviation is intended to provide the Department of Defense with the necessary time to align supporting mechanisms effectively. The Office of the Under Secretary of Defense for Acquisition and Sustainment stated, "The intent of this class deviation is to provide industry time for a more deliberate transition upon the forthcoming release of the NIST Special Publication 800-171 revision."
The class deviation introduces an alternative clause that mandates contractors subject to DFARS clause 252.204-7012 to comply with NIST SP 800-171 Revision 2, rather than the version in effect at the time of solicitation issuance.
More information about the class deviation can be accessed on the Defense Pricing and Contracting public website at https://www.acq.osd.mil/dpap/policy/policyvault/USA000814-24-DPC.pdf.
