It’s not too soon to start thinking about those New Year’s resolutions. Along with other personal goals, federal contractors might want to add a cybersecurity resolution to their list. The Department of Defense has drafted a cybersecurity certification that will be finalized in January 2020. Starting next fall, contractors will have to be certified in order to submit proposals on defense solicitations.
Read on for some of the highlights.
Cybersecurity is a key concern of the federal government, which means that it should be a key concern for federal contractors, too.
To address a perceived cybersecurity risk, the 2019 NDAA prohibited the government from buying telecommunications devices produced by certain companies—namely, Huawei Technologies, ZTE Corporation, or any of their subsidiaries. In a proposed rule announced this week, this ban will be effective beginning August 13, 2019.
On Friday, July 12, 2019, the U.S. House of Representatives passed its version of the 2020 National Defense Authorization Act.
While this passage may lead to an uncharacteristic political fight over appropriations, contractors will be watching whether the U.S. Senate and House bills ultimately agree upon the less politically-charged sections likely to impact their businesses.
The draft 2020 National Defense Authorization Act includes a number of provisions that will affect government contractors, especially small business contractors, including the three provisions featured in this post.
Read on for how the 2020 draft NDAA impacts annual small business reporting by the SBA, cybersecurity training for small businesses, and evaluation of past performance to focus on workforce development.
It’s easy to forget that roughly a year ago, Equifax was hacked, which compromised the personal information of roughly 145.5 million individuals. The scope of the breach was concerning for a number of reasons, not the least of which was the fact that Equifax was providing identity verification services for three federal agencies at the time it was attacked.
In a recent report, GAO reviewed how these agencies responded to the attack. While not making any specific recommendations at this time, GAO’s report does highlight the extent to which federal agencies were not fully prepared for cyberattacks on private contractors.
Because of a recent cyber attack on the System for Award Management, the Federal Service Desk is requiring new contractors to submit a signed notarized letter in order to be registered. Later this month, existing registrants seeking to update or renew profiles will have to do the same.
This move comes after the General Services Administration acknowledged on March 22 that the inspector general is looking into a hack of the SAM.gov database, in which the hackers changed the banking information for “a limited number” of contractors.
Whether you are an active small business federal contractor, or an entrepreneur still getting your business off the ground, you are going to need a cybersecurity plan. Many DoD contractors, in particular, face a pending deadline to comply with NIST 800-171, as mandated by DFARS 252.204-7012.
The Kansas SBDC Cybersecurity Center for Small Business wants to help.