Federal government contractors, grantees and those with cooperative agreements may find themselves in possession of (or handling) government information which the U.S. Department of Defense (DoD) considers to be sensitive or confidential but not considered “classified.” On Dec. 31, 2017, in accordance with DFARS 252.204-7012 the National Institute of Standards and Technology (NIST) Special Publication 800-171 “Protecting Controlled Unclassified Information (CUI) in Nonfederal Information Systems and Organizations” or the “Cyber Clause” went into effect. The purpose of the clause is to provide a uniform standard for the handling of CUI and to provide a roadmap for safeguarding CUI and covered defense information (CDI) that is a subset of CUI.  Specifically, the new regulation focuses on addressing “deficiencies in managing and protecting unclassified information” including “inconsistent markings” and “inadequate safeguarding” by “standardizing procedures” for the handling of CDI/CUI and “providing common definitions through a CUI Registry.

CDI is defined as unclassified information, as described in the CUI Registry that requires safeguarding or dissemination controls and requires, at minimum, the implementation of NIST SP 800-171 controls. Continue Reading DoD Cyber Security Rules Took Effect for Contractors Dec. 31, 2017