If your business is awarded a government contract with the General Services Administration (“GSA”) or the Department of Defense (“DOD”), it needs to understand the tightened cybersecurity regulations recently introduced by both agencies. Both of these regulations will require that contractors adopt enhanced security and training initiatives for employees.
On January 6, 2012, the GSA adopted final guidelines applicable to contracts and orders that involve information technology (“IT”) supplies, services and systems. The sweep of this regulation is broad, applying to a large swath of contractors offering goods and services to GSA or through a Schedule.
Within 30 days of contract award, GSA’s new regulation requires a covered contractor to submit an IT Security Plan compliant with a variety of federal laws and regulations – including Homeland Security Presidential Directive 12, FISMA, and applicable NIST guidelines – which GSA reviews in order to determine whether the contractor is adequately protecting GSA’s data and preventing any unauthorized use of the data. Once accepted by the contracting officer, the IT Security Plan will be incorporated into the contract as a compliance document. The GSA regulations also mandate that the contractor develop a Continuous Monitoring Plan, submit written proof of IT security authorization within six (6) months after contract award, submit annual verification that its IT Security Plan remains valid, and ensure that its employees performing under the GSA contract receive annual IT security training. If the contractor fails to comply with these GSA regulations, its contract with GSA may be terminated.
Likewise, in June 2011, the DOD proposed a new rule to increase security measures to protect unclassified DOD information within a contractor’s system from unauthorized disclosure. The DOD regulations also require a contractor to report any cyber attacks on such unclassified information, and failure to report such incidents may be used as evidence that the contractor did not establish adequate safeguards. The DOD regulations provide for a two-tier protection scheme for unclassified DOD information: “basic safeguarding” and “enhanced safeguarding.” Unclassified DOD information falling under the “basic” category includes any nonpublic information provided by DOD to the contractor. The “enhanced” category includes information that DOD designates as critical, as well as personal identification information. Regardless of which category is applicable, the contractor will have to create sufficient security measures, which may require changes to a company’s email, intranet, and other data sharing processes.
It is essential for businesses contracting with either the GSA or the DOD to comply with these new regulations. While the contractor may incur increased costs as a result of updating or adding new protective measures to its IT security protocol, the contractor will benefit in the long run as the threat of cybersecurity attacks continues to increase and the attacks become more sophisticated.