The Contracting Education Academy

Contracting Academy Logo
  • Home
  • Training & Education
  • Services
  • Contact Us
You are here: Home / Archives for data breach

December 4, 2018 By AMK

Contractors face new data breach disclosure and investigation requirements

The government’s lead contracting agency plans to formalize how and when contractors are required to disclose data breaches and to mandate better government visibility into how serious those breaches are.

The proposed rule will mandate that the General Services Administration (GSA) and the agency that’s being served by the contract have access to breached contractor systems, according to a regulatory roadmap set to be published in the Nov. 16th edition of the Federal Register.

Contractors will also be required to preserve images of the affected systems for the government to review, the roadmap states.

The proposed rule is scheduled to be published in February with a comment period that closes in April.

Contractors have frequently been a weak point for federal cybersecurity efforts.

Keep reading this article at: https://www.nextgov.com/cybersecurity/2018/11/government-contractors-face-new-data-breach-disclosure-and-investigation-requirements/152864/

Filed Under: Government Contracting News Tagged With: cyber, cyber incidents, cybersecurity, data breach, GSA, GSAM

October 12, 2018 By AMK

GAO reviews agency actions in the wake of Equifax data breach

It’s easy to forget that roughly a year ago, Equifax was hacked, which compromised the personal information of roughly 145.5 million individuals.

The scope of the breach was concerning for a number of reasons, not the least of which was the fact that Equifax was providing identity verification services for three federal agencies at the time it was attacked.

In a recent report, GAO reviewed how these agencies responded to the attack. While not making any specific recommendations at this time, GAO’s report does highlight the extent to which federal agencies were not fully prepared for cyberattacks on private contractors.

Prior to the Equifax breach, the IRS, the Social Security Administration, and USPS contracted with Equifax to provide identity verification services. These agencies relied on Equifax’s databases to verify the identities of individuals applying for various services. For example, the IRS used Equifax servers to verify identities for tax return purposes.

Following the Equifax cyberattack, agencies took a variety of steps to assess the situation and make proactive changes to their contracts with Equifax. Foremost was notifying impacted individuals. While there was no breach of agency systems in connection with the Equifax attack, there was nevertheless concern that impacted individuals may have had an increased risk for identity theft. Accordingly, one of the first actions taken by the impacted agencies was to notify impacted individuals.

Keep reading this article at: http://smallgovcon.com/uncategorized/gao-reviews-agency-actions-in-the-wake-of-equifax-data-breach/

Filed Under: Government Contracting News Tagged With: cyberattacks, cybersecurity, data breach, Equifax, GAO, hack, IRS, Social Security Administration, USPS

December 23, 2015 By AMK

OPM’s post-hack contract broke rules and put millions of dollars at risk

In the rush to award a $20 million contract for identity-theft protection services in the wake of a massive data breach, Office of Personnel Management contracting staff violated federal contracting rules, lost track of paperwork and failed to properly secure an independent cost estimate of the contract, according to a newly published review by the agency’s inspector general.

OPMA summary of the IG’s findings was previously included in a memo to acting OPM Director Beth Cobert last month. However, the full report, dated Dec. 2 and posted online today, provides more detail about the shortcuts OPM contracting staff to award the contract.

OPM IG Patrick McFarland said his office was unable to determine whether the deficiencies were significant enough to affect the actual awarding of the contract. However, the missteps his office identified “increased the risk of making an improper award,” he wrote in the new review.

Keep reading this article at: http://www.nextgov.com/cybersecurity/2015/12/opm-rushed-award-20m-post-hack-contract-and-ran-afoul-federal-contracting-rules-ig-says/124369

Filed Under: Government Contracting News Tagged With: data breach, FAR, hack, independent cost estimate, OPM

Popular Topics

abuse acquisition reform acquisition strategy acquisition training acquisition workforce Air Force Army AT&L bid protest budget budget cuts competition cybersecurity DAU DFARS DHS DoD DOJ FAR fraud GAO Georgia Tech GSA GSA Schedule GSA Schedules IG industrial base information technology innovation IT Justice Dept. Navy NDAA OFPP OMB OTA Pentagon procurement reform protest SBA sequestration small business spending technology VA
Contracting Academy Logo
75 Fifth Street, NW, Suite 300
Atlanta, GA 30308
info@ContractingAcademy.gatech.edu
Phone: 404-894-6109
Fax: 404-410-6885

RSS Twitter

Search this Website

Copyright © 2023 · Georgia Tech - Enterprise Innovation Institute