Georgia Tech Procurement Assistance Center

Readying contractors’ security plans for evaluation

February 18, 2019 By cs

The Defense Department recently issued final guidance for requiring activities to assess contractors’ system security plans and their implementation of the security controls in National Institute of Standards and Technology Special Publication 800-171.

It includes a compliance guidance document, which explains how department entities will assess contractor implementation of its security controls, and an impact guidance document, which explains how the Pentagon will assess the risks of security controls not implemented.

The compliance guidance addresses three objectives pre-award: requiring a self-attestation of implementation of the special publication in all proposals; imposing enhanced security controls in certain situations; and providing alternatives for compliance as an evaluation factor.

Defense Federal Acquisition Regulation Supplement 252.204-7008, which is required in every noncommercial off-the-shelf solicitation, provides that “[b]y submission of this offer, the offeror represents that it will implement the security requirements specified by [NIST SP 800-171].” The Defense Department has interpreted “implementation” as having a completed security system plan and a plan of action and milestones for the relevant covered defense information.

If a requiring activity believes that enhanced security controls are required beyond those in NIST SP 800-171, the compliance guidance provides direction for adding the requirements to a solicitation.

The guidance does not define what constitutes “enhanced controls.” NIST is expected to issue a new appendix of enhanced controls in the first quarter of 2019.

Keep reading this article at: http://www.nationaldefensemagazine.org/articles/2019/1/30/readying-security-plans-for-evaluation

See GTPAC’s video, template and other resources designed to help contractors comply with the DoD/NIST cybersecurity rules at: http://gtpac.org/cybersecurity-training-video/

Filed Under: Contracting News Tagged With: controlled defense information, cyber, cyber incident, cybersecurity, DFARS, DoD, enhanced controls, network infrastructure, NIST, NIST 800-171

Agencies spent record $64.7 billion on IT contracts in 2018

February 8, 2019 By cs

Federal agencies spent a record $64.7 billion on IT contracts in fiscal 2018, according to research released last week by Bloomberg Government.

The nearly $65 billion spent represents a 9.5 percent increase over fiscal 2017 levels, and includes higher levels of spending in cybersecurity ($6.4 billion), cloud computing ($4.1 billion) and almost a doubling of other transaction authority spending, to $4.2 billion from $2.3 billion.

IT spending jumped in both civilian and defense agencies. Across the Defense Department, IT contract spending grew by about 12 percent to $33.8 billion — the highest nominal spending figure ever for the Defense Department, and the highest inflation-adjusted IT contract spending since 2012.

Keep reading this article at: https://www.nextgov.com/cio-briefing/2019/01/agencies-spent-record-647b-it-contracts-2018/154510/

Filed Under: Contracting News Tagged With: cloud, cybersecurity, DoD, IT, OTA, spending, technology

‘Supply Chain Cybersecurity Academy’ hosted by Lockheed Martin on Feb. 27

February 6, 2019 By cs

The Lockheed Martin Corporation and the National Center for American Indian Procurement Technical Assistance Center (PTAC) are inviting interested vendors to participate in the Lockheed Martin Supply Chain Cybersecurity Academy to be held:

  • Date: Wednesday, February 27, 2019
  • Time: 8:15 a.m. Registration – (9:00 a.m. to 12:00 p.m. cybersecurity training, plus lunch with Lockheed Martin procurement personnel from 12:00 p.m. to 1:00 p.m.)
  • Location: Lockheed Martin Aeronautics, 86 South Cobb Drive, Marietta, GA

A featured part of this event is a special round table discussion for all Woman Owned Small Business owners to meet and greet Lockheed Martin Aero’s WOSB Advocate.  WOSBs with the potential to fulfill Lockheed Martin’s supply needs are encouraged to attend.

The Lockheed Martin Supply Chain Cybersecurity Academy is designed to be a two-way forum offering small businesses the opportunity to learn about the importance of Cybersecurity in today’s Defense Department environment, and the opportunity to meet with various Lockheed Martin personnel.  Training topics within the area of cybersecurity will include legislation and policy, Defense Federal Acquisition Regulation Supplement (DFARS), National Institute of Standards and Technology (NIST), safeguarding covered defense information, cyber incident reporting, best practices, and other key areas.

Space Is Extremely Limited.  No more than two people per company may attend.  If you wish to attend, please complete the Supplier Registration Form linked below not later than February 15, 2019 and send it to orysia.d.buchan@lmco.com with a copy to george@ncaied.org.

Important Security Requirements.  It’s important that you use the legal name that matches your photo identification.  Only U.S. citizens will be allowed to enter the Lockheed Martin Marietta property.  Also, consult the Visitor Packet linked below.  Once registration is completed, you will receive a follow-up email from Lockheed Martin Security, requesting additional information needed to clear you for a visit to the Lockheed Martin facility.  Once completed, returned and accepted, a confirmation email will be sent along with directions to the facility.  You will need to bring a photo identification (i.e., driver’s license).

Space is limited, and registrations will be accepted on a first received basis, so please register as soon as possible.

  • LM Cybersecurity Academy Registration
  • Visitor Packet

Filed Under: GTPAC News Tagged With: cyber, cybersecurity, Lockheed Martin

DoD continues to up the ante on cybersecurity compliance for contractors

February 4, 2019 By cs

Compliance with the security controls in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 is only the beginning for contractors that receive controlled defense information (CDI) in performance of Department of Defense (DoD) contracts and subcontracts.

Faced with an evolving cyber threat, DoD contractors have experienced an increased emphasis on protecting DoD’s information and on confirming contractor compliance with DoD cybersecurity requirements.  This includes audits by the DoD Inspector General (IG) “to determine whether DoD contractors have security controls in place” to protect CDI and enhanced security controls for certain high risk contractor networks.

And on September 28, 2018, the Navy issued a policy memorandum calling for enhanced cybersecurity requirements, including some that have generated opposition within the defense community such as the installation of network sensors by the Naval Criminal Investigative Service on contractor systems.

Other requiring activities are reportedly requiring similar enhanced protections, and NIST is expected to issue a public draft of Revision 2 to NIST SP 800-171 by the end of February, with an appendix of additional enhanced controls.

Keep reading this article at: https://www.insidegovernmentcontracts.com/2019/01/dod-continues-ante-cybersecurity-compliance-contractors/

See GTPAC’s video, template and other resources designed to help contractors comply with the DoD/NIST cybersecurity rules at: http://gtpac.org/cybersecurity-training-video/

Filed Under: Contracting News Tagged With: controlled defense information, cyber, cyber incident, cybersecurity, DFARS, DoD, network infrastructure, NIST, NIST 800-171

Why computer passwords are still a problem in 2019

January 29, 2019 By cs

There was a recent article before the holiday break on the complexity of computer passwords.  The top “worst” password for 2018 was “123456.”  Close behind in second place was “password.”  They were also in first and second place in 2017.  Slightly more complex was “123456789,” in third place in 2018, with the one-character shorter version, “12345678” just behind in fourth place. You get the gist.

Passwords are one of the critical problems in cybersecurity today.  They are too easy to guess.  They are too easy to break.  All a hacker needs is your user ID (say, e.g. notsodifficult@password.com) and he or she can be off to the races in a matter of minutes invading your employee email account.  Likely he also will be able to raid many of your other online accounts (like shopping, online gaming and streaming video) because you thought your lame password was so tricky that it was worthy of reusing in your 10 other accounts.  The technical term for what happens here is an account takeover.  In this case times 10.  Re-using a lame password is problem one.

Problem two is social media. We are enamored with sharing information with our family and friends.  That is good. Unfortunately, we share too much: names, places you went on vacation, names of dogs and cats and other animals, even grandparents’ names and locations.  That is all good, except when those same names of places and dogs show up in your password.

Keep reading this article at: https://www.nextgov.com/cybersecurity/2019/01/why-computer-passwords-are-still-problem-2019/154086/

Filed Under: Contracting Tips Tagged With: cybersecurity, email etiquette, password, security

The new rules of cybersecurity

January 24, 2019 By cs

At this very moment someone, somewhere in the world may be plotting to hack into an organization’s critical network infrastructure.

Creativity, time and investment are never in short supply when determined attackers are intent on gaining access to networks. It’s created an environment whereby solutions to prevent attacks are being developed just after new hacking tactics are deployed. To solve this divergence, we need to focus on “cyber at machine speed” — implementing new tools simultaneously with or even before hackers.

In short, getting the basics right is no longer enough. Adversaries now have the tools, the motivation and certainly the persistence to overcome current standards and compliance protocols.

Simply put, adequacy is no longer adequate.

Keep reading this article at: https://www.nextgov.com/ideas/2018/12/new-rules-cybersecurity/153714/

See GTPAC’s video, template and other resources designed to help contractors comply with the DoD/NIST cybersecurity rules at: http://gtpac.org/cybersecurity-training-video/

Filed Under: Contracting Tips Tagged With: controlled defense information, cyber, cyber incident, cybersecurity, DFARS, DoD, network infrastructure, NIST, NIST 800-171 NIST issues guidance on contractor

DoD and other agencies seek to enhance contractors’ cyber and supply chain security

January 4, 2019 By cs

The Department of Defense (DoD) and its component services and agencies are taking several independent steps to assess and enhance their cyber and supply chain security that will directly or indirectly affect DoD contractors and subcontractors.

Other federal agencies, including the Department of Homeland Security (DHS), Commerce, and General Services Administration (GSA), are also considering or implementing measures to enhance cyber and supply chain security that will directly or indirectly affect government contractors and their supply chains.

These initiatives will intensify scrutiny of government contractors and subcontractors, increase their cyber and supply chain security compliance requirements, and affect their ability to compete for, and win, government contracts. This article summarizes these initiatives and states our view that, despite the proposal and likely adoption of a comprehensive new Federal Acquisition Regulation (FAR) cybersecurity clause next year, federal government contractors and subcontractors are likely to face multiple, overlapping, and possibly conflicting cybersecurity and supply chain requirements for some time to come.

Keep reading this article at: http://www.mondaq.com/article.asp?articleid=767144

See GTPAC’s video, template and other resources designed to help contractors comply with the DoD/NIST cybersecurity rules at: http://gtpac.org/cybersecurity-training-video/

Filed Under: Contracting Tips Tagged With: controlled defense information, cyber, cyber incident, cybersecurity, DFARS, DoD, FAR, GSA, HHS, NIST, NIST 800-171 NIST issues guidance on contractor, security, supply chain

Contractors are a bull’s-eye for hackers

December 19, 2018 By cs

The U.S. defense industrial supply chain is vast, complex and vulnerable. Organic components, large-scale integrators, myriad commercial service providers, and tens of thousands of private companies sustain the Defense Department. According to the SANS Institute, the percentage of cyber breaches that originate in the supply chain could be as high as 80 percent.

Some progress has undoubtedly been made with regard to securing the supply chain. The Defense Federal Acquisition Regulation Supplement (DFARS) NIST SP 800-171 supply chain program, for instance, introduced 109 stringent requirements for Defense Department suppliers dealing with sensitive government data—53 related to technology and 56 related to security policy.

But while DFARS applies to all contractors and suppliers regardless of size, it has not yet been fully implemented and it is not bulletproof.  Still, it is a big step toward securing the supply chain at all levels.

Keep reading this article at: https://www.afcea.org/content/contractors-are-bulls-eye-hackers

See GTPAC’s video, template and other resources designed to help contractors comply with the DoD/NIST cybersecurity rules at: http://gtpac.org/cybersecurity-training-video/

Filed Under: Contracting Tips Tagged With: controlled defense information, cyber, cyber incident, cybersecurity, DFARS, DoD, NIST, NIST 800-171 NIST issues guidance on contractor, risk

Pentagon considers cybersecurity certification for its contractors

December 18, 2018 By cs

In cybersecurity, you’re only as strong as your weakest link.

For the Defense Department, the area with the fewest cyber protections is the defense contractors the department works with, particularly the small businesses that don’t have the expertise or resources to build a robust security posture.

The Pentagon put together a task force to assess whether small businesses within the defense industrial base are complying with the cybersecurity framework published by the National Institute of Standards and Technology and provide assistance to companies that need help.

The department issued a new rule last year requiring vendors to show that they are in compliance with NIST standards or have a plan to get there quickly. Those plans were due Jan. 1.

Keep reading this article at: https://www.nextgov.com/cybersecurity/2018/12/pentagon-considers-cybersecurity-certification-its-contractors/153330/

See GTPAC’s video, template and other resources designed to help contractors comply with the DoD/NIST cybersecurity rules at: http://gtpac.org/cybersecurity-training-video/

Filed Under: Contracting News Tagged With: controlled defense information, cyber, cyber incident, cybersecurity, DFARS, DoD, GTPAC, NIST, NIST 800-171 NIST issues guidance on contractor

Four steps to fix the security clearance backlog

December 13, 2018 By cs

Congress will get an update on the security clearance backlog this week, but if you can’t tune in, here’s the bottom line up front: the government has taken steps, there has been progress and the system is improving, but it’s not nearly enough.

There are still more than 600,000 government and industry employees waiting for security clearances from the federal government — highly skilled Americans who are sidelined because of bureaucratic red tape. Some have been waiting as long as 500 days just to go to work.

We in the aerospace and defense industry must frequently ask new employees to delay showing up for work, or do less important work, for months until their clearances are approved. The slow pace of background investigations impedes our industry’s ability to recruit the talented individuals we need to fulfill important roles, such as conducting space missions, managing cyber networks, and performing advanced manufacturing.

Keep reading this article at: https://www.defenseone.com/ideas/2018/12/four-steps-fix-security-clearance-backlog/153445

Filed Under: Contracting News Tagged With: advanced manufacturing, cybersecurity, House Armed Services Committee, industry, security, security clearance

Copyright © 2019 · Georgia Tech - Enterprise Innovation Institute