An official website of the United States Government 
Here's how you know

Official websites use .gov

.gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS

A lock ( lock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Immediate Release

Department of Defense Issues Class Deviation on Cybersecurity Standards for Covered Contractor Information Systems

The Office of the Under Secretary of Defense for Acquisition and Sustainment, in collaboration with the Office of the Chief Information Officer, today issued a Defense Federal Acquisition Regulation Supplement (DFARS) class deviation relating to the cybersecurity standards required for covered contractor information systems. 

The intent of this class deviation is to provide industry time for a more deliberate transition upon the forthcoming release of the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, "Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations," revision.  This class deviation will also afford the Department of Defense time to best align any of the necessary supporting mechanisms. 

Specifically, this class deviation provides an alternative clause that will require contractors, who are subject to DFARS clause 252.204-7012, to comply with NIST SP 800-171 Revision 2, instead of the version of NIST SP 800-171 in effect at the time the solicitation is issued.

The class deviation is available on the Defense Pricing and Contracting public website at