October 20, 2019

October 18, 2019

Subscribe to Latest Legal News and Analysis

2018 Likely a Year of Rising Government Standards for Securing Information

For companies that do business with the government, 2017 was a year of transition, as many began to follow the NIST Cybersecurity Framework, worked to accomplish Federal Risk and Authorization Management Program (FedRAMP) certification, or rushed to rid their systems of products from Kaspersky Lab. Perhaps most significant was the rush of Pentagon contractors to come into compliance by year’s end with NIST Special Publication (SP) 800-171, as mandated by a new provision of the Defense Federal Acquisition Regulation Supplement (DFARS). This provision requires contractors to comply with NIST’s standards on protecting Controlled Unclassified Information (CUI).

The news for 2018 is that this heavy lift is coming for all government contractors, not just those dealing with the Defense Department. By all accounts, within a few months, the government will issue a new regulation and clause under the Federal Acquisition Regulation (FAR), following the Pentagon’s lead in applying NIST 800-171 to all government agencies. This is expected to bring a significant amount of tumult, as tens of thousands of companies will find themselves subject to comprehensive new standards on information security, when dealing with sensitive (but not classified) government information.

Putting it Into Practice: Companies that do business with the federal government, or hope to, should begin planning to come into compliance with the NIST CUI standards. Doing so takes time and effort; those that start early will be rewarded with less time pressure and be in a better position to secure government contracts. 

Copyright © 2019, Sheppard Mullin Richter & Hampton LLP.


About this Author

Jonathan E. Meyer, Sheppard Mullin, International Trade Lawyer, Encryption Technology Attorney

Jon Meyer is a partner in the Government Contracts, Investigations & International Trade Practice Group in the firm's Washington, D.C. office.

Mr. Meyer was most recently Deputy General Counsel at the United States Department of Homeland Security, where he advised the Secretary, Deputy Secretary, General Counsel, Chief of Staff and other senior leaders on law and policy issues, such as cyber security, airline security, high technology, drones, immigration reform, encryption, and intelligence law. He also oversaw all litigation at DHS,...