New draft guidance released by the Defense Department last week lays out how contracting officers can use cybersecurity standards in a procurement action, meaning companies who aren't complying with the security controls could soon be deemed too risky for DOD work. On April 24, the Defense Federal Acquisition Regulations System released " DOD Guidance for Reviewing System Security Plans and the [National Institute for Standards and Technology Special Publication] 800-171 Security Requirements Not Yet Implemented ." Comments are due by...