AIA’s Cyber Security Committee – comprised of industry cyber security executives, CIOs and technical analysts – works with the Defense Department in establishing industry-wide, near- and long-term cyber security planning and policy development to meet information protection requirements. AIA’s overarching goal for Cyber Security is to assist in developing policies and plans to thwart future threats.
AIA led the industry response expressing concern with DOD release of an Interim Rule (DFARS Case 2013–D018) on Aug. 26, 2015. Implementation of the Interim Rule was immediate, driving impacts throughout the industry supply chain from the multitude of changes in the National Institute of Standards and Technology (NIST) Special Publication 800-171 (NIST SP 800-171). DOD released a second interim rule on Dec. 30, 2015, which provided some additional updates and delayed the requirement to comply with the rule until Dec. 31, 2017.
The Final Rule was published by DOD on Oct. 21, 2016, followed by the release of Revision 1 from NIST of its NIST SP 800-171 standard in December 2016. To assist industry with implementing the 110 controls contained in the newly revised NIST SP 800-171, NIST released a draft “Assessment Guide” in November 2017 and followed that with a final version of the guide in June 2018.
AIA continues to engage with DOD, involved federal agencies and other trade associations in an effort to find acceptable implementation practices and is developing a standard that can be applied across industry focused on the security of systems rather than compliance with a specific set of static controls.