By Grace Mahan
In the past few years, changes in cybersecurity requirements have proved to be among the most important developments in the world of government contracts. In 2017 alone, the White House issued a cybersecurity executive order, and the Defense Contract Audit Agency (DCAA) issued a Defense Federal Acquisition Regulation Supplement (DFARS) that imposed new cybersecurity requirements on Department of Defense (DoD) contractors.
The changes required by the DFARS are new, since the DCAA mandated compliance by December 31, 2017, and they are specific to the DoD. They have already had an impact on government contractors.
The new DFARS covers 14 areas of cybersecurity, and its requirements range from a compulsory limit on unsuccessful login attempts to a provision that requires security awareness training concerning the problem of recognizing and reporting insider threats. On the whole, the DFARS requires contractors maintaining information on behalf of the DoD to implement cyber security controls, conduct cyber security assessments, and report cyber security incidents at both the contractor and subcontractor levels. Some guidance in implementing the new requirements can be found on the National Institute of Standards and Technology website, here.
In addition to the DFARS, changes to the Federal Acquisition Regulation (FAR) may be forthcoming in 2018, establishing consistent cybersecurity standards for the civilian agencies. Likewise, coming amendments to the General Services Administration’s (GSA) Acquisition Regulations will impose cybersecurity standards on GSA work statements and on contractors’ duties to report cybersecurity compromises.
It can readily be concluded, accordingly, that changes in cybersecurity regulations have significantly affected and will continue to affect government contractors in their work with both the DoD and civilian agencies. Accordingly, contractors should make certain that their compliance programs are comprehensive and up to date, and that they are well versed in the changes being made to the existing regulatory scheme.
Our firm has extensive experience in the federal procurement process, and in assisting contractors in understanding and satisfying their compliance requirements. Please contact any of our lawyers if we may be able to assist you with these or other matters.