GSA Releases IT Security and Authentication Solutions for Federal Agencies

GSA released a Draft Identity, Credentialing, and Access Management (ICAM) Solutions Catalog in response to an Executive Order and a new Office of Management and Budget (OMB) policy. These ICAM Solutions will assist federal agencies in managing and monitoring user access to information systems in order to ensure secure operations and could change security and authentication procedures for federal contractors. From the President on down, cybersecurity, including authentication, is a pressing concern for all federal contractors.

READ MORE

DOD will Require Cybersecurity Certification Starting Fall 2020

It’s not too soon to start thinking about those New Year’s resolutions. Along with other personal goals, federal contractors might want to add a cybersecurity resolution to their list. The Department of Defense has drafted a cybersecurity certification that will be finalized in January 2020. Starting next fall, contractors will have to be certified in order to submit proposals on defense solicitations. Read on for some of the highlights.

Continue reading

Contractors Beware: Government Bans Certain Telecommunications Equipment Effective August 13, 2019

Cybersecurity is a key concern of the federal government, which means that it should be a key concern for federal contractors, too.

To address a perceived cybersecurity risk, the 2019 NDAA prohibited the government from buying telecommunications devices produced by certain companies—namely, Huawei Technologies, ZTE Corporation, or any of their subsidiaries. In a proposed rule announced this week, this ban will be effective beginning August 13, 2019.

Continue reading

House Passes 2020 NDAA

On Friday, July 12, 2019, the U.S. House of Representatives passed its version of the 2020 National Defense Authorization Act.

While this passage may lead to an uncharacteristic political fight over appropriations, contractors will be watching whether the U.S. Senate and House bills ultimately agree upon the less politically-charged sections likely to impact their businesses.

Continue reading

2020 NDAA to Add Cybersecurity Training, Additional SBA Annual Reporting, and Promote Workforce Development

The draft 2020 National Defense Authorization Act includes a number of provisions that will affect government contractors, especially small business contractors, including the three provisions featured in this post. Read on for how the 2020 draft NDAA impacts annual small business reporting by the SBA, cybersecurity training for small businesses, and evaluation of past performance to focus on workforce development.

Continue reading

GAO Reviews Agency Actions in the Wake of Equifax Data Breach

It’s easy to forget that roughly a year ago, Equifax was hacked, which compromised the personal information of roughly 145.5 million individuals. The scope of the breach was concerning for a number of reasons, not the least of which was the fact that Equifax was providing identity verification services for three federal agencies at the time it was attacked.

In a recent report, GAO reviewed how these agencies responded to the attack. While not making any specific recommendations at this time, GAO’s report does highlight the extent to which federal agencies were not fully prepared for cyberattacks on private contractors.

Continue reading

Hack Response: Notarized Letters Now Required for SAM.gov

Because of a recent cyber attack on the System for Award Management, the Federal Service Desk is requiring new contractors to submit a signed notarized letter in order to be registered. Later this month, existing registrants seeking to update or renew profiles will have to do the same.

This move comes after the General Services Administration acknowledged on March 22 that the inspector general is looking into a hack of the SAM.gov database, in which the hackers changed the banking information for “a limited number” of contractors.

Continue reading