The government’s lead contracting agency plans to formalize how and when contractors are required to disclose data breaches and to mandate better government visibility into how serious those breaches are.
The proposed rule will mandate that the General Services Administration (GSA) and the agency that’s being served by the contract have access to breached contractor systems, according to a regulatory roadmap set to be published in the Nov. 16th edition of the Federal Register.
Contractors will also be required to preserve images of the affected systems for the government to review, the roadmap states.
The proposed rule is scheduled to be published in February with a comment period that closes in April.
Contractors have frequently been a weak point for federal cybersecurity efforts.