The Contracting Education Academy

Contracting Academy Logo
You are here: Home / Archives for cybersecurity

By

Census Bureau seeks industry input on cybersecurity acquisitions strategy for next decade

With data collection for the 2020 census underway, the bureau is thinking about how artificial intelligence and other capabilities might help address sore points.

With government watchdogs eyeing its operations, the U.S. Census Bureau issued a request for information as it decides on acquisitions it might make to improve cybersecurity in a number of areas.

The centuries-old decennial census is being conducted digitally for the first time this year, a herculean effort that is projected to cost $15.6 billion and opened the count to new cybersecurity vulnerabilities.

“The purpose of this request for information is to provide information to the United States Census Bureau to help determine an acquisition strategy for cybersecurity for the coming decade,” reads the document posted to betaSAM.gov. “The USCB believes industry holds the most current and best practices in these areas impacted by cybersecurity and seeks recommendations on how to best acquire the needed industry knowledge and expertise and achieve benefits in accordance with federal requirements.”

The Census Bureau’s cybersecurity posture has received some stern criticism from the Government Accountability Office in the years leading up to the current count. And the RFI is looking for input to address some of the very weaknesses GAO flags.

Keep reading this article at: https://www.nextgov.com/cybersecurity/2020/05/census-bureau-seeks-industry-input-cybersecurity-acquisitions-strategy-next-decade/165621/

By

The White House is rewriting contracting language to clarify security liability

The Office of Management and Budget (OMB) plans to standardize language in all government contracts with cloud vendors that would update liability terms regarding security, according to the official in charge of leading federal agencies’ move to the shared-responsibility ecosystems.
Technology vendors precluding liability in government contracts has long been an issue, and now COVID-19 has sped up some agencies’ cloud migration and amplified calls for cybersecurity assurances.  

“I think there is a need to update our [service level agreements] with the cloud providers and we’re actively working on that within [the General Services Administration],” Thomas Santucci, the director of the Data Center and Cloud Optimization Infrastructure Program Management Office at GSA, said.

Santucci provided a status report on the government’s efforts to improve efficiency and lower costs by moving to the cloud during a virtual conference the Digital Government Institute hosted today.

“OMB has just stood up a [program management office] to work on a cloud SLA template for the federal government to be attached to every contract,” Santucci said when asked about the liability issue and whether cloud service providers or government customers should be held responsible for security.

Security was one of the topics mentioned in establishing the new contract templates, he said.

Keep reading thi9s article at: https://www.nextgov.com/it-modernization/2020/05/white-house-rewriting-contracting-language-clarify-security-liability/165549/

The Contracting Education Academy at Georgia Tech has established a webpage where all contract-related developments related to the coronavirus (COVID-19) are summarized.  Find the page at: https://contractingacademy.gatech.edu/coronavirus-information-for-contracting-officers-and-contractors/

By

Coronavirus constraints pose CMMC rule change delays

Social distancing requirements are complicating the Defense Department’s implementation of its unified cybersecurity standard.

Katie Arrington, DoD’s chief information security officer for acquisition, said that while the coronavirus pandemic hasn’t affected training preparations, social distancing efforts have delayed the public hearing needed for the Defense Federal Acquisition Regulation Supplement (DFARS) rule change needed to enforce new cybersecurity standards for contractors.

“The premise of doing all of this is that we’re going through a DFARS rule change,” which requires a public hearing, Arrington said May 8 during a Billington Cybersecurity event on the Cybersecurity Maturity Model Certification (CMMC) program.

Keep reading this article at: https://defensesystems.com/articles/2020/05/13/cmmc-covid-dfar-rule-change-delay.aspx

By

DoD to include cybersecurity requirements in RFPs starting in November

Defense contractors should expect to see new Cybersecurity Maturity Model Certification (CMMC) version 1.0 requirements in requests for proposals released in November, according to Katie Arrington, chief information security officer in the office of the undersecretary of defense for acquisition and sustainment.

The requirements are a reflection of the Pentagon’s push to protect defense industrial base networks and controlled unclassified information from cyber attacks. The CMMC rules will require contractors to be certified by third-party auditors, which will ensure that companies are adhering to certain standards. Organizations will be required to meet different levels of security, with level one being the lowest and level five the most stringent.

“We understand this is a big cultural shift and we want to ensure that we’re doing everything we can to bring our small business partners right along with us,” she said at the annual Special Operations Forces Industry Conference, which is being held virtually this year due to COVID-19 safety concerns. “We are working on different plans and strategies to help.”

For instance, contractors bidding on a program may not need to have their CMMC certifications until the time of contract award, she noted at the vSOFIC event, which is hosted by the National Defense Industrial Association on behalf of U.S. Special Operations Command.

Keep reading this article at: https://www.nationaldefensemagazine.org/articles/2020/5/11/new-cmmc-rules-for-defense-contractors-to-come-in-november

By

Defense contractor certification body says maintenance of companies’ cybersecurity posture is within its role

The accreditation body overseeing the Defense Department’s cybersecurity certification for prospective contractors is also authorized to provide certified companies with cybersecurity services, according to members of the group’s board of directors. 

“A continuous monitoring capability could provide benefits to organizations in the defense supply chain by increasing their awareness of changes to their current cybersecurity posture,” Mark Berman, chairman of the board’s communications committee told Nextgov. “This initiative is a potential avenue where we can provide value add to enhance and maintain the security posture.”

Berman was responding to comments from observers who say an April 22 request for proposal the accreditation board issued for a “continuous monitoring solution” marks a departure from the training and certification functions the group is expected to perform.

The Pentagon’s Cybersecurity Maturity Model Certification program is scheduled to take effect this fall following a change to defense federal acquisition regulations. Companies will have to attain third-party certification of their cybersecurity practices if they want to do business with the department. Defense contractors currently state whether they adhere to standards such as those outlined by the National Institute of Standards and Technology without any outside entity verifying their claims.

Keep reading this article at: https://www.nextgov.com/cybersecurity/2020/05/defense-contractor-certification-body-says-maintenance-companies-cybersecurity-posture-within-its-role/165131/

Contracting Academy Logo
75 Fifth Street, NW, Suite 300
Atlanta, GA 30308
info@ContractingAcademy.gatech.edu
Phone: 404-894-6109
Fax: 404-410-6885

RSS Twitter