The Contracting Education Academy

Contracting Academy Logo
You are here: Home / Archives for cybersecurity

By

Deadline looms for contractors to ditch banned Chinese equipment

Federal contractors face a late-summer deadline to ensure they’re not using banned Chinese equipment and services to fulfill their federal contracts, a top White House federal acquisition official stressed.

Federal contractors have until Aug. 13 to comply with Part B of Section 889 of the 2019 National Defense Authorization Act, Office of Federal Procurement Policy Administrator Michael Wooten said during a July 13 Professional Services Counsel (PSC) webcast.

That provision prohibits government contractors from using technology and services tied to Chinese equipment manufacturers that have been deemed cybersecurity threats by the U.S. government. Those companies include telecommunications gear-makers Huawei and ZTE, as well as video surveillance manufacturer Hikvision.

The Trump administration has worked to push Huawei and ZTE out of U.S. federal and commercial telecommunications networks, both domestically and internationally, deeming the companies’ close relationships to the Chinese government as a virulent cybersecurity threat.

Keep reading this article at: https://fcw.com/articles/2020/07/13/rockwell-defense-contractors-huawei-ban.aspx

By

Defense information network to host data repository for contractors’ cybersecurity audits, official says

Applications are now available for aspiring assessor organizations, which will also need to have their security certified.

Information about organizations seeking a stamp of approval under the Pentagon’s new Cybersecurity Maturity Model Certification program will be stored on the Department of Defense Information Network, according to the head of the accreditation body working with DOD on the CMMC.

Currently, DOD contractors mostly pledge adherence to requisite cybersecurity practices. The CMMC, taking effect with a rule change expected this fall, will require all defense contractors to have their cybersecurity status audited and certified by an independent third party before they can do business with the department.

The program has raised concerns among some contractors about cybersecurity for the apparatus being set up to manage the certifications and audit data, such as a repository DOD officials will use at the time of award to check whether prospective prime contractors and their associated subcontractors have achieved the necessary certification.

“DOD intends to maintain their instance [of the repository] on the DOD network and we will be responsible for populating that,” said Ty Schieber, chairman of the board for the CMMC accreditation body.

Keep reading this article at: https://www.nextgov.com/cio-briefing/2020/06/defense-information-network-host-data-repository-contractors-cybersecurity-audits-official-says/166375/

By

Census Bureau seeks industry input on cybersecurity acquisitions strategy for next decade

With data collection for the 2020 census underway, the bureau is thinking about how artificial intelligence and other capabilities might help address sore points.

With government watchdogs eyeing its operations, the U.S. Census Bureau issued a request for information as it decides on acquisitions it might make to improve cybersecurity in a number of areas.

The centuries-old decennial census is being conducted digitally for the first time this year, a herculean effort that is projected to cost $15.6 billion and opened the count to new cybersecurity vulnerabilities.

“The purpose of this request for information is to provide information to the United States Census Bureau to help determine an acquisition strategy for cybersecurity for the coming decade,” reads the document posted to betaSAM.gov. “The USCB believes industry holds the most current and best practices in these areas impacted by cybersecurity and seeks recommendations on how to best acquire the needed industry knowledge and expertise and achieve benefits in accordance with federal requirements.”

The Census Bureau’s cybersecurity posture has received some stern criticism from the Government Accountability Office in the years leading up to the current count. And the RFI is looking for input to address some of the very weaknesses GAO flags.

Keep reading this article at: https://www.nextgov.com/cybersecurity/2020/05/census-bureau-seeks-industry-input-cybersecurity-acquisitions-strategy-next-decade/165621/

By

The White House is rewriting contracting language to clarify security liability

The Office of Management and Budget (OMB) plans to standardize language in all government contracts with cloud vendors that would update liability terms regarding security, according to the official in charge of leading federal agencies’ move to the shared-responsibility ecosystems.
Technology vendors precluding liability in government contracts has long been an issue, and now COVID-19 has sped up some agencies’ cloud migration and amplified calls for cybersecurity assurances.  

“I think there is a need to update our [service level agreements] with the cloud providers and we’re actively working on that within [the General Services Administration],” Thomas Santucci, the director of the Data Center and Cloud Optimization Infrastructure Program Management Office at GSA, said.

Santucci provided a status report on the government’s efforts to improve efficiency and lower costs by moving to the cloud during a virtual conference the Digital Government Institute hosted today.

“OMB has just stood up a [program management office] to work on a cloud SLA template for the federal government to be attached to every contract,” Santucci said when asked about the liability issue and whether cloud service providers or government customers should be held responsible for security.

Security was one of the topics mentioned in establishing the new contract templates, he said.

Keep reading thi9s article at: https://www.nextgov.com/it-modernization/2020/05/white-house-rewriting-contracting-language-clarify-security-liability/165549/

The Contracting Education Academy at Georgia Tech has established a webpage where all contract-related developments related to the coronavirus (COVID-19) are summarized.  Find the page at: https://contractingacademy.gatech.edu/coronavirus-information-for-contracting-officers-and-contractors/

By

Coronavirus constraints pose CMMC rule change delays

Social distancing requirements are complicating the Defense Department’s implementation of its unified cybersecurity standard.

Katie Arrington, DoD’s chief information security officer for acquisition, said that while the coronavirus pandemic hasn’t affected training preparations, social distancing efforts have delayed the public hearing needed for the Defense Federal Acquisition Regulation Supplement (DFARS) rule change needed to enforce new cybersecurity standards for contractors.

“The premise of doing all of this is that we’re going through a DFARS rule change,” which requires a public hearing, Arrington said May 8 during a Billington Cybersecurity event on the Cybersecurity Maturity Model Certification (CMMC) program.

Keep reading this article at: https://defensesystems.com/articles/2020/05/13/cmmc-covid-dfar-rule-change-delay.aspx

Contracting Academy Logo
75 Fifth Street, NW, Suite 300
Atlanta, GA 30308
info@ContractingAcademy.gatech.edu
Phone: 404-894-6109
Fax: 404-410-6885

RSS Twitter