New information security rules governing defense industrial base firms take effect on Dec. 31. The rules require compliance with the new standard for protecting "controlled unclassified information" from the National Institute of Standards and Technology and set time limits on contractors for reporting system breaches.
The Department of Defense has published guidance to facilitate implementation, but that guidance does not overcome the larger business dilemma the requirements may create.