GSA Proposes Security Requirements for Contractors

The General Services Administration has proposed new rules asking contractors to incorporate security standards in order to protect government information on the IT systems they manage.
Last week, in the new requirements were located in a Federal Register post detailing the Unified Agenda of Federal Regulatory and Deregulatory Actions, two proposed rules — GSAR Case 2016-G511 and 2016-G515 — call for amending the General Services Administration Acquisition Regulation to include requirements for contractors to safeguard GSA information in a solicitation's statement of work, as well as the procedures for they inform the agency of a potential breach.
GSAR Case 2016-G511 allows contracting officers to implement agency cyber requirements and standards into each solicitation, providing a centralized cybersecurity guidance across the enterprise for contractors to adhere to.
"This rule will require contracting officers to incorporate applicable GSA cybersecurity requirements within the statement of work to ensure compliance with federal cybersecurity requirements and implement best practices for preventing cyber incidents," the Federal Register post said.
GSAR Case 2016-G515 seeks to update the nearly two-year-old GSA policy, 9297.2C, on how the agency, and the contractors overseeing its and its customer agencies' IT systems, safeguard Personally Identifiable Information and other confidential information, in addition to the procedures taken when a breach is discovered.
Because 9297.2C didn't go through the rulemaking process when it was established in 2017, it wasn't open for public comment. By moving it to the GSAR, GSA can seek public and industry input on how the rule can be improved.
"Further, it establishes the requirement for contractors to preserve images of affected systems and ensure contractor employees receive appropriate training for reporting cyber incidents," the post said. "The rule also outlines how contractor attributional/proprietary information provided as part of the cyber incident reporting process will be protected and used."
GSA officials detailed in the post their plans to release notices of proposed rulemaking in February 2019 for GSAR Case 2016-G511 and in April for GSAR Case 2016-G515, with comment periods running for two months for each respective rule.

« Back to News

News & Tips
Government contractor news & industry tips from a source you can trust. Sign up for our weekly updates to stay informed and get involved. Easily unsubscribe at any time.

Our Insider's Guide Series was developed as an easy-to-understand series of guides to assist you through the government procurement process.

National Association of Government Contractors
1250 Connecticut Ave NW
Suite 700
Washington, DC 20036
Phone: 202-465-3750
Toll Free: 1.800.979.NAGC
LinkedIn Facebook Twitter

FedEx Shipping Discount
Office Depot Member Program
Dell Small Business
Avis Car Rental
GEICO Insurance

Privacy Policy | Subscriber Agreement & Terms of Use | Purchase Policy | Data & Cookies
Copyright © 2004 - 2020 National Association of Government Contractors.   All Rights Reserved. Geotrust RapidSSL