The Contracting Education Academy


January 25, 2021 By cs

GSA introduces vendor risk assessment program in draft solicitation

The General Services Administration could soon start requiring on-site assessments of certain federal contractors under a new program to scrutinize risks to the supply chain. 

Tucked into the draft of a new governmentwide acquisition vehicle for information technology services called Polaris is language describing a tool to “identify, assess and monitor supply chain risks of critical vendors.”  It would use classified and unclassified sources.

GSA said once the tool it’s developing — referred to as the Vendor Risk Assessment Program — is complete, “the contractor agrees the government may, at its own discretion, perform audits of supply chain risk processes or events,” adding, “on site assessments may be required.”

The Vendor Risk Assessment Program first appeared online in a Sept. 2017 blog post by GSA’s Shon Lyublanovits describing plans to address risks to the supply chain of the government’s information and communications technology. Around that time, agencies would have been busy working to remove Kaspersky software from their systems. And GSA was engaged in a series of pilots toward a service that would be shared across the government to uncover businesses’ due diligence, including for cybersecurity concerns.

Keep reading this article at: https://www.nextgov.com/cybersecurity/2021/01/gsa-introduces-vendor-risk-assessment-program-draft-solicitation/171289/

Filed Under: Government Contracting News Tagged With: cybersecurity, cyberthreat, GSA, information technology, risk, risk assessment, security, security threat, supply chain, supply chain security, Vendor Risk Assessment Program

January 22, 2021 By cs

GSA to remove almost all drones from contract offerings over China concerns

By Feb. 1, all but five unmanned aerial vehicles will be removed from the General Services Administration’s offerings.

The General Services Administration — the federal government’s central buyer — will no longer include drones in its suite of offerings, except those previously approved by a small innovation unit inside the Defense Department.

Citing the threat of Chinese manufacturers, GSA officials announced Tuesday the agency will be canceling contracts offering drones from all but five suppliers on the Multiple Award Schedules, the set of pre-vetted contracts that offer everything from paper clips to helicopters to data centers.

“GSA is removing all identified drones that are not approved through the [Defense Innovation Unit’s] Blue sUAS program from MAS contracts,” a GSA spokesperson told Nextgov. “Affected vendors will be notified by their contracting officer and only the identified drones will be removed from their MAS contract.”

Keep reading this article at: https://www.nextgov.com/cybersecurity/2021/01/gsa-remove-almost-all-drones-contract-offerings-over-china-concerns/171352/

Filed Under: Government Contracting News Tagged With: China, cybersecurity, cyberthreat, DIU, drones, GSA, MAS, security threat

December 24, 2020 By cs

Pentagon announces 7 procurements to test out new CMMC process

The Defense Department on Thursday disclosed the first seven contracts that are likely to be the initial test cases for the Cybersecurity Maturity Model Certification (CMMC) program, DoD’s new approach to shoring up its suppliers’ IT security.

The department stopped short of a full commitment to subject the forthcoming Navy, Air Force and Missile Defense Agency procurements to CMMC’s requirements.

In a statement, DoD said only that they are “candidates” under consideration to serve as pathfinders.

The projects, as described by the Pentagon, are:

 

Navy
  • Integrated Common Processor
  • F/A-18E/F Full Mod of the SBAR and Shut off Valve
  • Yard services for the Arleigh Burke Class destroyer
Air Force
  • Mobility Air Force Tactical Data Links
  • Consolidated Broadband Global Area Network Follow-On
  • Azure Cloud Solution
Missile Defense Agency
  • Technical Advisory and Assistance Contract

The department did not immediately provide further details on the procurements beyond the descriptions above, but said each of the contracts is expected to be awarded in fiscal 2021.

Keep reading this article at: https://federalnewsnetwork.com/defense-main/2020/12/pentagon-reveals-first-contracts-to-serve-as-pathfinders-for-cmmc/

Filed Under: Government Contracting News Tagged With: CMMC, CMMC AB, CMMC accreditation, CMMC Accreditation Body, contractor information systems, cybersecurity, Cybersecurity Maturity Model Certification, DCMA, Defense Industrial Base Cybersecurity Assessment Center, DFARS, DIBCAC, DoD, FAR, federal regulations, NIST, SP 800-171

December 8, 2020 By cs

What DoD’s cyber certification program reveals about info-sharing challenges

As the new regime takes effect, the tech industry’s lead trade association would rather higher-level certifications be done by the department than independent third parties.

The Information Technology Industry Council is arguing that the foundation of U.S. cybersecurity policy — information sharing between organizations — presents a security threat that is too costly for many to address in response to a rule implementing the Pentagon’s Cybersecurity Maturity Model Certification Program.

The CMMC program was designed to change the Defense Department’s practice of having contractors simply attest to their own level of cybersecurity and institute a system of third-party auditors to validate required practices are in place.

The department’s Defense Contract Management Agency currently conducts audits of contractors’ cybersecurity through Defense Industrial Base Cybersecurity Assessment Center, or DIBCAC, assessments.  But Katie Arrington, the DoD official heading up the CMMC program, said a new ecosystem of private third-party assessors is necessary to scale such reviews across all of the approximately 300,000 companies the department relies on.

Organizations hoping to work with the Defense Department would be required to obtain certification through an accreditation body that entered into a no-cost contract with the Defense Department on Nov. 25.  The currently all-volunteer organization will be funded through fees it receives from assessors it trains to conduct audits and individuals it approves as qualified to consult with prospective contractors on CMMC requirements.

Keep reading this article at: https://www.nextgov.com/cybersecurity/2020/12/what-dods-cyber-certification-program-reveals-about-info-sharing-challenges/170400/

Filed Under: Government Contracting News Tagged With: CMMC, CMMC AB, CMMC accreditation, CMMC Accreditation Body, contractor information systems, cybersecurity, Cybersecurity Maturity Model Certification, DCMA, Defense Industrial Base Cybersecurity Assessment Center, DFARS, DIBCAC, DoD, FAR, federal regulations, NIST, SP 800-171

December 4, 2020 By cs

Pentagon ready to name first 15 ‘pathfinder’ contracts for CMMC

It’s a significant week for the Defense Department’s Cybersecurity Maturity Model Certification program: New rules that serve as a precursor to the full CMMC implementation took effect on Tuesday, and an announcement of the first 15 contracts that will serve as “pathfinders” for the new model is imminent.

That initial set of procurements would represent the first real-world use of CMMC, the program the department has been building for the past year-and-a-half to shore up the cybersecurity of its industrial base.  So far, DoD acquisition officials have only applied the model to contracts in non-punitive tabletop exercises, and without publicly identifying the contracts involved.

The department expects to name the first 15 pathfinders within “the next few days,” Katie Arrington, the chief information security officer in DoD’s acquisition and sustainment office, told an industry conference. The announcement has been highly anticipated as the defense industry waits to see how many vendors could be impacted by the initial pathfinder process.

Meanwhile, earlier this week, two precursors to the full CMMC rollout took effect — part of a sweeping rule change DoD promulgated in September to implement the program.  Going forward, almost all vendors bidding on new contracts will have to log into a web portal and attest to which specific security controls in NIST Special Publication 800-171 they’re currently complying with.

Keep reading this article at: https://federalnewsnetwork.com/defense-main/2020/12/pentagon-ready-to-name-first-15-pathfinder-contracts-for-cmmc/

Filed Under: Government Contracting News Tagged With: CMMC, CMMC AB, CMMC accreditation, CMMC Accreditation Body, contractor information systems, cybersecurity, Cybersecurity Maturity Model Certification, DCMA, Defense Industrial Base Cybersecurity Assessment Center, DFARS, DIBCAC, DoD, FAR, federal regulations, NIST, SP 800-171


75 Fifth Street, NW, Suite 300
Atlanta, GA 30308
info@ContractingAcademy.gatech.edu
Phone: 404-894-6109
Fax: 404-410-6885


Copyright © 2021 · Georgia Tech - Enterprise Innovation Institute