The Contracting Education Academy


March 30, 2021 By cs

GSA could be vulnerable to security threats from ‘trusted insiders’

The General Services Administration needs to bolster its efforts to protect against insider threats from current and recently separated employees, a watchdog reported recently.

The GSA inspector general reviewed the agency’s processes to thwart harmful actions from “trusted insiders” to its personnel, facilities, operations and resources. GSA has about 12,000 employees throughout its central office, Federal Acquisition Service, Public Buildings Service, Office of Governmentwide Policy, 11 national staff offices, 11 regional offices and two independent offices. An October 2011 executive order and subsequent policy from November 2012 laid out requirements for agencies’ insider threat programs. In 2014, GSA established its own program (a two-person team that reports to the senior designated official who is the associate administrator of GSA’s Office of Mission Assurance) and in 2017 the National Insider Threat Task Force certified it met the minimum standards. However, the inspector general found some areas of concern since then.

“We found that GSA’s [insider threat program] does not consistently collaborate with other GSA staff offices to gather key threat information proactively and does not communicate insider threat risks and program challenges to the GSA administrator as required,” said the report. “Instead, the [program] senior designated official has taken a reactive approach that leaves GSA susceptible to insider threats.”

Another issue was that after the National Insider Threat Task Force deemed GSA’s insider threat program was at full operational capacity in November 2017, GSA’s insider threat working group disbanded because staff thought it was no longer needed. The group had members from the Office of Human Resources Management, Office of GSA IT, Office of the Chief Financial Officer and Office of Mission Assurance.

Keep reading this article at: https://www.govexec.com/oversight/2021/02/watchdog-says-gsas-insider-threats-program-needs-improvement/172147/

Filed Under: Government Contracting News Tagged With: acquisition workforce, cybersecurity, cyberthreat, GSA, IG, OIG, security controls, security threat

November 18, 2020 By cs

NIST issues updated cybersecurity companion guide

The National Institute of Standards and Technology (NIST) has issued its 5th catalog of security and privacy controls for information systems.

The purpose of NIST’s publication is to protect organizational operations from a diverse set of threats and risks.

The catalog addresses security and privacy from a functionality perspective (i.e., the strength of functions and mechanisms provided by the controls) and from an assurance perspective (i.e., the measure of confidence in the security or privacy capability provided by the controls). Addressing functionality and assurance helps to ensure that information technology products and the systems that rely on those products are sufficiently trustworthy.

The use of these controls is mandatory for federal information systems in accordance with Office of Management and Budget (OMB) Circular A-130 and the provisions of the Federal Information Security Modernization Act (FISMA), which requires the implementation of minimum controls to protect federal information and information systems.

The latest publication and supplemental materials can be downloaded from: https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final.

Filed Under: Government Contracting News Tagged With: assurance, availability, computer security, confidentiality, controls, cybersecurity, FISMA, information security, information system, integrity, IT, NIST, personally identifiable information, Privacy Act, privacy controls, privacy functions, privacy requirements, Risk Management Framework, security controls, security functions, security requirements, SP 800-171, system, system security


Copyright © 2023 · Georgia Tech - Enterprise Innovation Institute