The Department of Defense (DoD) is giving defense contractors a break on cybersecurity compliance. They recently issued a temporary rule (class deviation) that delays the adoption of the upcoming revision to the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171.
This publication outlines cybersecurity requirements for protecting controlled unclassified information on non-federal information systems. The DoD is concerned that immediately requiring compliance with the new revision (Rev. 3) would be too disruptive for contractors.
This class deviation allows contractors to continue following the current revision (Rev. 2) until further notice. This gives them time to adjust to the new requirements and allows the DoD to develop additional support mechanisms for the transition.
The class deviation is available here: https://www.acq.osd.mil/dpap/policy/policyvault/USA000814-24-DPC.pdf