Today, our colleagues Dick Oliver, Glenn Sweat and Brian Cruz published their Client Alert titled New Proposed DoD Cyber Guidance May Fuel Bid Protest Docket, Newly published draft DoD Guidance for Reviewing System Security Plans (SSP) and the “NIST SP 800-171 Security Requirements Not Yet Implemented” answer some questions but may also result in an increased protest docket due to ambiguous evaluation criteria. Key takeaways include:
- Industry has been seeking clarity on the Department of Defense’s cybersecurity clause, since its December 31, 2017 implementation date, particularly as it relates to how the Government will review a Contractor’s System Security Plan (SSP); the new guidance indicates the Government’s evaluation of Contractors’ SSPs will also be used as evaluation criteria in new contract awards.
- A growing list of Frequently Asked Questions has answered some questions, but more guidance was needed, and is being provided in the form of an SSP priority ranking matrix.
- Public comments on the proposed draft guidance are due May 31, 2018, and early contractor feedback is that the guidance is helpful but hardly dispositive of the myriad questions surrounding the new rule.