"Government Contracts"

On May 12, the Biden Administration issued an “Executive Order on Improving the Nation’s Cybersecurity.”  The Order seeks to strengthen the federal government’s ability to respond to and prevent cybersecurity threats, including by modernizing federal networks, enhancing the federal government’s software supply chain security, implementing enhanced cybersecurity practices and procedures in the federal government, and creating government-wide plans for incident response.  The Order covers a wide array of issues and processes, setting numerous deadlines for recommendations and actions by federal agencies, and focusing on enhancing the protection of federal networks in partnership with the service providers on which federal agencies rely.  Private sector entities, including federal contractors and service providers, will have opportunities to provide input to some of these actions.
Continue Reading President Biden Signs Executive Order Aimed at Improving Government Cybersecurity

Last week, the Office of Management and Budget issued an updated breach response policy for federal agencies, replacing a policy last updated in 2007.  The policy, set forth in memorandum M-17-12, provides minimum standards for federal agencies in preparing for and responding to breaches of personally identifiable information (PII).   In addition to setting forth

By Susan B. Cassidy

On March 12, 2014, General Services Administration (“GSA”) issued a Request for Information (“RFI”) to obtain stakeholder input on implementing the recommendations contained in the joint GSA and Department of Defense (“DOD”) report, Improving Cybersecurity and Resilience through Acquisition (“Joint Report”), issued on January 23, 2014.

The Joint Report and, in turn, the RFI from GSA were issued in furtherance of Executive Order 13,636 on Improving Critical Infrastructure Cybersecurity, which called for GSA and DOD, in consultation with the Secretary of Homeland Security and the Federal Acquisition Regulatory Council, to make recommendations to the President “on the feasibility, security benefits, and relative merits of incorporating security standards into acquisition planning and contract administration.”  The Joint Report responded to this request with six recommendations for strengthening the federal government’s cyber resilience:

  1. Institute baseline cybersecurity requirements as a condition of contract award for appropriate acquisitions;
  2. Address cybersecurity in relevant training;
  3. Develop common cybersecurity definitions for federal acquisitions;
  4. Institute a federal acquisition cyber risk management strategy;
  5. Include a requirement to purchase from original equipment manufacturers, their authorized resellers, or other trusted sources, whenever available, in appropriate acquisitions; and
  6. Increase government accountability for cyber risk management.

Through the RFI issued on March 12, GSA has requested stakeholder input on how to implement the Joint Report’s recommendations.  To this end, GSA provided a draft Implementation Plan, which addresses the implementation of the Joint Report’s fourth recommendation, “institute a Federal acquisition cyber risk management strategy.”  The Implementation Plan explains that GSA will implement the Joint Report’s fourth recommendation first because “the risk management strategy and processes to institute it provide the foundation that is necessary for the other recommendations to be implemented.”


Continue Reading GSA Seeks Comments on Implementation of GSA/DOD Cybersecurity Joint Report Recommendations