An article co-authored by Ari Schwartz, "Will new breach reporting rules make defense firms more secure?" was featured in Federal Computer Week on November 29, 2017. Here is an excerpt:
New information security rules governing defense industrial base firms take effect on Dec. 31. The rules require compliance with the new standard for protecting "controlled unclassified information" from the National Institute of Standards and Technology and set time limits on contractors for reporting system breaches.
The Department of Defense has published guidance to facilitate implementation, but that guidance does not overcome the larger business dilemma the requirements may create.
New information security rules governing defense industrial base firms take effect on Dec. 31. The rules require compliance with the new standard for protecting "controlled unclassified information" from the National Institute of Standards and Technology and set time limits on contractors for reporting system breaches.
The Department of Defense has published guidance to facilitate implementation, but that guidance does not overcome the larger business dilemma the requirements may create.