Winter is nearly upon us, and with it come compliance deadlines for new regulations. Is your company ready for the new year and the new standards it will be bringing? Here are a few upcoming compliance deadlines that you and your company should be aware of.
NIST SP 800-171: Protecting Controlled Unclassified Information
As the weather gets colder and the new year approaches, the NIST SP 800-171 deadline is also coming up quickly. The Defense Federal Acquisition Regulation Supplement (DFARS) 225.204-7012 requires Department of Defense (DoD) contractors that process or store Controlled Unclassified Information (CUI) to maintain compliance with the NIST 800-171 standards to protect the information. December 31, 2017 is the deadline for implementation.
Fortunately, there is a bit more time before the EU GDPR deadline rolls around. This is a new regulation that applies to the collection and processing of the personal information of individuals in the EU, regardless of where the company is located. The goal of the GDPR is to strengthen data protection and privacy within the EU, and give power over personal data back to individuals. It becomes enforceable starting May 25th, 2018, and non-compliance can carry hefty fines.
New York’s Cybersecurity Regulation (23 NYCRR Part 500)
New York’s Department of Financial Services (DFS) established the NY DFS 23 NYCRR 500 regulation to define new cybersecurity requirements for financial service companies. Requirements include a cybersecurity program to protect consumers’ data, security policies, a designated Chief Information Security Officer, implemented security controls, and reporting of cybersecurity events. The regulation became effective March 1, 2017, with a series of compliance dates, including the first Certification of Compliance due to the state February 15, 2018.
Are you ready?
Compliance deadlines can sneak up on all of us with the demands of day-to-day business plus holiday craziness. But it’s not too late! Make sure that you are aware of the compliance regulations that apply to your business and start now! If you have any questions about compliance deadlines or need assistance ensuring your business is compliant with GDPR, NIST SP 800-171, or the New York regs, contact [email protected].