April 29, 2016
AIA’s Cyber Security Committee, comprised of industry cyber security executives, CIOs, and at times technical analysts, works with the Defense Department in establishing industry-wide near-term and long-range cyber security planning and policy development to meet information protection requirements. AIA’s overarching goal for Cyber Security is to look to the future to assist in developing policies and plans to thwart future threats.
AIA has been at the forefront of industry concerns with the DoD’s release of the 26 Aug 2015 Interim Rule (DFARS Case 2013–D018). Implementation of the Interim Rule was immediate and caused industry, primes and suppliers alike, to realize the implications within the multitude of changes in the National Institute of Standards and Technology (NIST) Special Publication 800-171 (NIST SP 800-171). On 30 Dec 2015, DoD released a second interim rule which provides some additional updates restated the implementation timeframe from immediate, to requiring compliance by 31 Dec 2017.
AIA is currently engaged in a dialogue with the DoD and other involved federal agencies in an effort to find acceptable implementation practices to the more difficult controls listed in the NIST SP 800-171. The end-goal being the development of a NIST SP 800-171 implementation guide. AIA expects the final rule will be published later this Fall.