The Contracting Education Academy

Contracting Academy Logo
  • Home
  • Training & Education
  • Services
  • Contact Us
You are here: Home / Archives for personally identifiable information

November 18, 2020 By cs

NIST issues updated cybersecurity companion guide

The National Institute of Standards and Technology (NIST) has issued its 5th catalog of security and privacy controls for information systems.
Click on image above to download publication.

The purpose of NIST’s publication is to protect organizational operations from a diverse set of threats and risks.

The catalog addresses security and privacy from a functionality perspective (i.e., the strength of functions and mechanisms provided by the controls) and from an assurance perspective (i.e., the measure of confidence in the security or privacy capability provided by the controls).  Addressing functionality and assurance helps to ensure that information technology products and the systems that rely on those products are sufficiently trustworthy.

The use of these controls is mandatory for federal information systems in accordance with Office of Management and Budget (OMB) Circular A-130 and the provisions of the Federal Information Security Modernization Act (FISMA), which requires the implementation of minimum controls to protect federal information and information systems.

The latest publication and supplemental materials can be downloaded from: https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final.

Filed Under: Government Contracting News Tagged With: assurance, availability, computer security, confidentiality, controls, cybersecurity, FISMA, information security, information system, integrity, IT, NIST, personally identifiable information, Privacy Act, privacy controls, privacy functions, privacy requirements, Risk Management Framework, security controls, security functions, security requirements, SP 800-171, system, system security

January 17, 2017 By AMK

Updated OMB breach response policy includes required breach-related provisions for federal contracts

On Jan. 3rd, the Office of Management and Budget (OMB) issued an updated breach response policy for federal agencies, replacing a policy last updated in 2007. 

The policy, set forth in memorandum M-17-12, provides minimum standards for federal agencies in preparing for and responding to breaches of personally identifiable information (PII).   In addition to setting forth requirements for federal agencies to prepare for and respond to breaches, the policy also includes required contractual terms regarding breach preparedness and response for certain federal contractors.

The policy states that the contractual requirements should be inserted into any contract, cooperative agreement or other similar instrument where the contractor collects or maintains PII, or uses or maintains an information system, on behalf of the Government.

Keep reading this article which details contractor requirements here: https://www.insideprivacy.com/data-security/data-breaches/updated-omb-breach-response-policy-includes-required-breach-related-provisions-for-federal-agency-contracts/

Read OMB’s Jan. 3, 2017 memorandum here: Preparing for and Responding to a Breach of Personally Identifiable Information – OMB m-17-12 – 01.03.2017

Filed Under: Government Contracting News Tagged With: breach, cyber, cybersecurity, encryption, IT, OMB, personally identifiable information, PII, regulation, technology

Popular Topics

abuse acquisition reform acquisition strategy acquisition training acquisition workforce Air Force Army AT&L bid protest budget budget cuts competition cybersecurity DAU DFARS DHS DoD DOJ FAR fraud GAO Georgia Tech GSA GSA Schedule GSA Schedules IG industrial base information technology innovation IT Justice Dept. Navy NDAA OFPP OMB OTA Pentagon procurement reform protest SBA sequestration small business spending technology VA
Contracting Academy Logo
75 Fifth Street, NW, Suite 300
Atlanta, GA 30308
info@ContractingAcademy.gatech.edu
Phone: 404-894-6109
Fax: 404-410-6885

RSS Twitter

Search this Website

Copyright © 2023 · Georgia Tech - Enterprise Innovation Institute