Payal Vadhani of Aronson LLC examines the recent revisions of the Defense Department’s official Cyber Strategy – the first in three years – and the impact they are likely to have government contractors. Based on the increasing focus on security as an integral feature rather than an after-thought, Vadhani warns that “prime and subcontractors that are not compliant with security standards will not be able to win business.” This will extend to the supply chains of contractors, who will be held responsible for each subcontractor.
She suggests that contractors become familiar with cybersecurity regulations that Defense applies to itself, because they could become applicable to contractors as well. At the least, companies should become compliant with NIST Special Publication 800-171, “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations,” which is becoming the first step to demonstrating eligibility.