Many people are unaware that a significant number of U.S. companies are subject to regulations that share some similarities with the European General Data Protection Regulation (which has companies that handle European data scrambling to get into compliance).
Specifically, government contractors have obligations pursuant to Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7000 et. seq.
The DFARS regulations were adopted in October 2016 when the U.S. Department of Defense issued a final rule. (See 82 Fed. Reg. 72986 Oct. 21, 2016, available here.)
Entities subject to the provisions were given until Dec. 31, 2017, to comply with certain aspects as discussed below. If your organization is a contractor or subcontractor that handles “controlled unclassified information” (see here) you need to make sure your house is in order to comply.
Keep reading this article at: https://www.law360.com/articles/968247/dfars-cyber-compliance-deadline-is-approaching