security breach | The Contracting Education Academy

February 29, 2016 By AMK

OPM seeks to tighten security of contractors conducting background checks

Contractors that conduct background investigations for the federal government will have to report information security incidents to the Office of Personnel Management (OPM) within half an hour, are required to use smartcards as a second layer of security when logging on to agency networks, and must agree to let OPM inspect their systems at any time.

Those are new requirements OPM has written into draft contracting documents released last month that govern how the personal, often sensitive, information gleaned during background investigations should be stored on contractors’ computer systems.

The draft request for proposals is “intended to provide industry advanced notice of the pending solicitation as well as an opportunity to provide comments, feedback and recommendations that the government can consider prior to finalizing the solicitation,” OPM spokesman Sam Schumach told Nextgov in an email.

Keep reading this article at: http://www.nextgov.com/cybersecurity/2016/02/contracting-docs-opm-tighten-it-security-background-investigation-companies/125741

February 13, 2015 By AMK

Defense contracting agency investigating possible breach

The federal agency responsible for managing the Defense Department’s (DOD) outside contracts is investigating a possible breach, security news blog KrebsOnSecurity reported.

As of Wednesday morning, the website for the Defense Contract Management Agency (DCMA) was down. A message posted to the homepage says, “Corrective Action in Progress.”

DCMA told KrebsOnSecurity that the page had been pulled after the agency discovered suspicious activity on its server Jan. 28.

In a statement, the agency said it so far had no information that any personal data had been breached from the DCMA or DOD servers.

Keep reading this article at: http://thehill.com/policy/cybersecurity/232421-defense-contracting-agency-investigating-breach

November 21, 2014 By AMK

Contractors struggle with ‘patchwork’ of cybersecurity regulations

Federal contractors trying to report a hack on their computer systems struggle with a maze of piecemeal regulations, contracting experts say. And clarifying that ambiguity could be a difficult long-term project because there is likely no one bill or executive action that would do the trick.

“The compliance issues are hard for government contractors because you don’t have one box, one checklist of things you can do for all of your contracts to make sure that you’re compliant,” said Elizabeth Ferrell, a partner at McKenna Long and Aldridge, at a Nov. 6 conference hosted by the Coalition for Government Procurement in Washington.

The revelation in August of a high-profile breach at U.S. Investigations Services and the Office of Personnel Management’s subsequent decision to terminate the firm’s background-check contracts drove home the vulnerability of federal contractors to cyberattacks and prompted some to reassess their security. OPM’s ditching of USIS also raised the question of whether government agencies will write higher data security standards into contracts.

Keep reading this article at: http://fcw.com/articles/2014/11/06/cyber-regs-contractors.aspx

August 11, 2014 By AMK

DHS, OPM suspend contracts with USIS after major cyber attack

The Department of Homeland Security has suspended background checks and most contracts with contractor USIS after a cyber attack may have accessed the personal information of DHS employees.

Peter Boogaard, a DHS spokesman, would not confirm the identity of the contractor but said that a multiagency cyber response team is working to identify the scope of the attack and how many employees were affected.

He said the agency has determined that some DHS personnel have had their personal information compromised and the agency has notified its entire workforce to monitor their financial accounts for suspicious activity.

“As we continue to investigate the nature of this breach on an urgent basis, we will be notifying specific DHS employees whose [personally identifiable information] we can determine was likely compromised.”

Keep reading this article at: http://www.federaltimes.com/article/20140807/IT/308070009/DHS-OPM-suspend-contracts-USIS-after-major-cyber-attack

March 22, 2013 By AMK

SAM user uncovered GSA data compromise

A user of an online federal contracting registry found a way of bypassing security controls to see every contractor’s personal and proprietary data, prompting the government to alert registrants about possible fraud, according to the General Services Administration, the owner of the system.

IBM, which operates the registry, known as the System for Award Management, or SAM, failed to discover the issue. GSA’s continuous monitoring program that tracks computer protections agencywide and Einstein, the Homeland Security Department’s intrusion prevention system, did not document a threat. It is unknown whether a scammer spotted the defect first.

“A SAM user alerted us to the vulnerability,” GSA spokeswoman Jackeline Stewart told Nextgov. She did not identify the individual. The person described the problem to GSA on March 8 and the agency patched the system two days later.

GSA had awarded IBM a $74 million contract to build and maintain the tool for eight years, beginning in 2010. The agency this week said it would seek redress.

Keep reading this article at: http://www.nextgov.com/cybersecurity/2013/03/contractor-site-user-uncovered-gsa-data-compromise/61973/?oref=nextgov_today_nl.

For the latest news involving SAM, please visit: http://contractingacademy.gatech.edu/tag/sam

Search this Website