The current Federal Acquisition Regulation rule will soon apply the National Institute of Standards and Technology standard, according to the Department of Defense's Cybersecurity Maturity Model Certification Head Stacy Bostjanick, which means it will cover the same 110 controls that fall under 800-171, FedScoop reports.
In a virtual event hosted by PreVeil, Bostjanick said that DOD has been collaborating with the Federal Chief Information Security Officer Council "to make sure that we're consistent across all of the federal government, how we view those 110 controls [under NIST SP-800-171], so we're not going to be onerous on the industry partners." It is still unclear if the new FAR rule will also require an independent assessment organization to attest that civilian contractors holding controlled unclassified information can meet all 110 of those controls. Meanwhile, Bostjanick tells hesitant contractors that "it's coming across of all federal government -- you might as well get out in front of it and be one of the first."
Federal Acquisition Regulation rule gets NIST standards update