Cybersecurity is a key concern of the federal government,
which means that it should be a key concern for federal contractors, too.
To address a perceived cybersecurity risk, the 2019 NDAA prohibited the government from buying telecommunications devices produced by certain companies—namely, Huawei Technologies, ZTE Corporation, or any of their subsidiaries. In a proposed rule announced this week, this ban will be effective beginning August 13, 2019.
On Friday, July 12, 2019, the U.S. House of Representatives passed its version of the 2020 National Defense Authorization Act.
While this passage may lead to an uncharacteristic political fight over appropriations, contractors will be watching whether the U.S. Senate and House bills ultimately agree upon the less politically-charged sections likely to impact their businesses.
The draft 2020 National Defense Authorization Act includes a number of provisions that will affect government contractors, especially small business contractors, including the three provisions featured in this post. Read on for how the 2020 draft NDAA impacts annual small business reporting by the SBA, cybersecurity training for small businesses, and evaluation of past performance to focus on workforce development.
It’s easy to forget that roughly a year ago, Equifax was hacked, which compromised the personal information of roughly 145.5 million individuals. The scope of the breach was concerning for a number of reasons, not the least of which was the fact that Equifax was providing identity verification services for three federal agencies at the time it was attacked.
In a recent report, GAO reviewed how these agencies responded to the attack. While not making any specific recommendations at this time, GAO’s report does highlight the extent to which federal agencies were not fully prepared for cyberattacks on private contractors.
Because of a recent cyber attack on the System for Award Management, the Federal Service Desk is requiring new contractors to submit a signed notarized letter in order to be registered. Later this month, existing registrants seeking to update or renew profiles will have to do the same.
This move comes after the General Services Administration acknowledged on March 22 that the inspector general is looking into a hack of the SAM.gov database, in which the hackers changed the banking information for “a limited number” of contractors.
Whether you are an active small business federal contractor, or an entrepreneur still getting your business off the ground, you are going to need a cybersecurity plan. Many DoD contractors, in particular, face a pending deadline to comply with NIST 800-171, as mandated by DFARS 252.204-7012.
The Kansas SBDC Cybersecurity Center for Small Business wants to help.
I am headed back to Kansas after a great trip out west to speak at the 2017 Alliance Northwest Procurement Conference in Puyallup, WA. It was great seeing many familiar faces and meeting many other new ones. But I won’t be home long: I will be off to fabulous Las Vegas for the National RES Conference, where I’ll be presenting on Monday. If you will be at RES, please be sure to connect.
Even with all of this travel, I’ve been keeping a close eye on government contracting news–and that means that it’s time for the SmallGovCon Week In Review. In this week’s edition, scammers are using the HHS OIG telephone number in a spoofing ploy, the GAO releases a report on developments in the HUBZone program, a Coast Guard employee makes a funny FedBizOpps post (no, really!) and more.