Georgia Tech Procurement Assistance Center


DoD testing secure cloud to help small contractors protect data

April 10, 2019 By Nancy Cleveland

The Pentagon still has deep concerns about thefts of sensitive Defense data from contractor systems. But it’s concluded that simply using contract terms to order firms to improve their security isn’t going to do the job.

So the department is testing ways to extend its own cybersecurity expertise and infrastructure to small and medium-sized businesses who don’t have the wherewithal to adequately secure their systems against nation-state attackers. Specifically, it plans to build a secure cloud to house the Defense data companies need to perform their contracts, instead of requiring them to store it themselves.

DoD’s research and development budget for 2020 includes $15 million for a small project the department terms the Defense Industrial Base (DIB) Secure Cloud Managed Services Pilot. In the early going, the Pentagon plans to make the cloud service available to “a subset” of small and medium companies that “support prioritized, critical DoD missions and programs.”

In contract terms, the department would treat the secure cloud as Government Furnished Equipment (GFE), said Ellen Lord, the undersecretary for acquisition and sustainment.

Keep reading this article at: https://federalnewsnetwork.com/defense-news/2019/03/dod-will-test-secure-cloud/

 

Filed Under: Contracting News Tagged With: cloud, cybersecurity, data protection, data security, DoD, GFE, hackers, small business

Software review provisions proposed by Senate Armed Services Committee could have significant impact on DoD contractors

June 20, 2018 By Nancy Cleveland

As the Senate approaches the end of its debate on the National Defense Authorization Act (NDAA) for Fiscal Year 2019, provisions of the bill regarding access to and review of information technology code deserve close attention.  These sections, if enacted, would significantly impact Department of Defense contractors and also would affect matters associated with investments subject to review by U.S. national security agencies.

As drafted, the provisions could expose current and prospective contractors to intrusive scrutiny and significant risks.  They lack clarity on key definitions, leaving the precise scope of those risks unclear.  We summarize major issues and concerns below.  We expect these provisions to receive scrutiny during the House-Senate conference on the NDAA over the summer.

Synopsis of the Proposed Legislation

Three sections of the Senate’s version of the NDAA, which passed the Senate Armed Services Committee in May, would establish new rules designed to mitigate “risks posed by providers of information technology with obligations to foreign governments.”  Those risks involve the access that foreign governments may have to code in products or services that are offered to the Department of Defense.  The provisions also impose new disclosure requirements on the efforts of a prospective vendor to obtain a license under the Export Administration Regulations (“EAR”) or the International Traffic in Arms Regulation (“ITAR”).

The pending legislation would require proactive disclosure of those matters, and would impose an ongoing duty to supplement those disclosures during the period of performance on the contract.  The Secretary of Defense would be authorized to assess and mitigate any resulting national security risks through contractual provisions or other performance requirements.

Keep reading this article at: https://www.insidegovernmentcontracts.com/2018/06/senate-armed-services-committee-proposes-expansive-unclear-software-review-provisions/

Filed Under: Contracting News Tagged With: code, COTS, cybersecurity, data security, DoD, EAR, export administration regulations, foreign governments, IT, ITAR, national security, NDAA, risk, risk assessment, Senate Armed Services Committee, technology

Why CDM vendors need more flexibility

March 26, 2018 By Nancy Cleveland

The first two phases of the Department of Homeland Security’s Continuous Diagnostic and Mitigation (CDM) program have helped government agencies deploy foundational cybersecurity solutions for real-time visibility and continuous network monitoring to identify vulnerabilities, reduce risk, ensure compliance and respond to threats.

DHS and the General Services Administration (GSA) deserve tremendous credit for implementing a technical program of this size and complexity. However, the first two phases barely bring government to the starting line of the cybersecurity technology race. The private sector and U.S. adversaries are already well past that point.

The most important phase of the CDM program is yet to come, under which government tackles the data security problems of an increasingly mobile workforce and distributed cloud computing environment.

Keep reading this article at: https://fcw.com/articles/2018/03/19/cdm-vendor-flex-comment.aspx

Filed Under: Contracting News Tagged With: blanket purchase orders, BPA, CDM, cybersecurity, data security, DHS, GSA, Homeland Security

Final rule beefs up mandates for contractor information systems security

May 24, 2016 By Nancy Cleveland

A new final rule four years in the making will amend the Federal Acquisition Regulations, or FAR, with new sections on the basic safeguarding of contractor information systems.

The rule, published on May 16, 2016 in the Federal Register and issued by the Defense Department, General Services Administration and NASA, will add a subpart and contract clause on contractor systems that process, store or transmit federal contract information, and calls on contractors to apply a minimum of 15 security control requirements.

This type of information is not intended for public release and excludes information that the government provides to the public or that is related to processing payments.

The focus of the rule is on a basic level of safeguarding, and contractors still have to comply with safeguarding requirements for protecting controlled unclassified information, or CUI. “Systems that contain classified information, or CUI, such as personally identifiable information, require more than the basic level of protection,” the rule stated.

Keep reading this article at: http://www.fiercegovernmentit.com/story/final-rule-beefs-mandates-contractor-information-systems-security/2016-05-17

Filed Under: Contracting News Tagged With: classified information, contractor information system, controlled unclassified information, CUI, cybersecurity, data security, FAR, Federal Register, IT, safeguarding information, security, security control, technology

Colorado DOT employee stole DBE contractors’ personal information

May 11, 2016 By Nancy Cleveland

Personal information from hundreds of Colorado Department of Transportation (CDOT) contractors may have been compromised after a data breach involving a CDOT employee.

The employee, who is no longer working for CDOT, had access to a database for several hundred disadvantaged and emerging small businesses. The database for Emerging Small Business (ESB) and Disadvantaged Business Enterprise (DBE) firms contained confidential information — including tax returns.

“We believe that there is a data breach on the database itself where an employee accessed information and may be using that and selling that information externally,” CDOT spokeswoman Amy Ford said.

The businesses potentially affected by the data breach submitted information to CDOT in order to qualify for ESB and DBE programs, Ford said. The programs are designed to give small, disadvantaged businesses an opportunity to contract with CDOT on construction, professional service, research and more.

Keep reading this article at: http://www.9news.com/mb/news/cdot-employee-stole-contractors-personal-information/175000302

See the letter sent by CDOT to affected contractors at: https://www.scribd.com/doc/311660836/Letter-about-CDOT-data-breach

Filed Under: Contracting News Tagged With: data breach, data compromise, data security, DBE, DOT, ESB, small business

Pentagon unveils new rules requiring contractors to disclose data breaches

September 8, 2015 By Nancy Cleveland

New sweeping defense contractor rules on hack notifications took effect August 26, 2015, adding to a flurry of Pentagon IT security policies issued in recent years.

The Office of Management and Budget proposed guidelines to homogenize the way vendors secure data government-wide. The Defense Department had already released three other policies that dictate how military vendors are supposed to handle sensitive IT.

Now, industry, which is already concerned about overlapping and burdensome cyber rules, worries the Pentagon will go back and retroactively change contracts, after the White House draft is finalized.

The new Pentagon regulations for “Network Penetration Reporting and Contracting for Cloud Services” cover more types of incidents and more kinds of information than past policies. The guidelines also apply to a broader swath of the contracting community.

Keep reading this article at: http://www.nextgov.com/cybersecurity/2015/08/pentagon-tries-harmonize-contractor-data-breach-rules/119498

Filed Under: Contracting News Tagged With: cloud, cybersecurity, data breach, data security, DoD, OMB, security

Actions foreshadow uniform cybersecurity regulations for federal contractors

July 24, 2015 By Nancy Cleveland

Two recent Executive Agency actions lay the groundwork for a FAR cybersecurity clause in 2016.

  • Government contractors should expect an amendment to the Federal Acquisition Regulation in 2016 that mandates cybersecurity clauses and standards.
  • Companies can prepare now by comparing new government standards to their existing system protections.
  • As part of this process, companies should not just be reviewing the capabilities of their information systems, but also their written information assurance policies, training materials, and employment and third-party agreements.

Federal government contractors handling Controlled Unclassified Information (CUI) should take notice of two recent executive agency actions. Combined, they lay the groundwork for a new cybersecurity clause to be added to the Federal Acquisition Regulation (FAR) in 2016.

Keep reading this article at: http://www.jdsupra.com/legalnews/actions-foreshadow-uniform-45314/

For more information on this topic, see: www.gtpac.org/tag/controlled-unclassified-information

Filed Under: Contracting News Tagged With: controlled unclassified information, CUI, cybersecurity, data security, FAR, NIST 800-171

Securing federal data on nonfederal systems

July 3, 2015 By ei2admin

The National Institute of Standards and Technology (NIST) has issued new guidance aimed at protecting federal data that’s stored on information systems outside the federal government.

NIST Special Publication 800-171, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations, applies to information systems and organizations outside of the federal government that process, store or transmit federal controlled unclassified information, or CUI.

CUI is any information that the federal government requires to be safeguarded by security and/or privacy controls, excluding information that is deemed classified, which is protected under a different set of regulations.

Keep reading this article at: http://www.govinfosecurity.com/securing-federal-data-on-nonfederal-systems-a-8328/op-1

Filed Under: Contracting News Tagged With: controlled unclassified information, CUI, data security, NIST, privacy, unclassified information

Doing business with the government? What you should know about cybersecurity

June 15, 2015 By ei2admin

Government contractors are in a difficult position when it comes to cybersecurity. Not only do they need to worry about cybersecurity issues that affect almost every company, but they also often house sensitive government data that can carry additional obligations.

Further, the very fact that they have access to this information, and their relationship to the U.S. government, makes them an attractive target for malicious efforts. Escalating these concerns, not only are contractors with sensitive information prime targets for standard hackers trying to prove their worth, but they are also in the cross-hairs for attacks sponsored by countries hostile to the United States or interested in obtaining technology otherwise prohibited to them.

The U.S. government recognizes this threat and has responded in two major ways. The first is to impose additional cybersecurity responsibilities on contractors who have access to sensitive data. While the goal of these additional obligations is to harden security to protect data, their parameters are not always apparent and can be easily misunderstood. Just identifying what a contractor is expected to do can be a challenge. The second element of the government’s approach is to assist in combating cyber attacks by offering to work with companies, including contractors, who find themselves victims. This help can be invaluable, especially for sophisticated and persistent state-sponsored cyber threats. It also raises additional issues, however, and many companies are justifiably suspicious of opening their information technology systems to the government.

In this Commentary, we highlight the aligned and competing priorities of the government and companies in this space. We discuss some of the main requirements imposed on contractors that go above and beyond those required of standard companies. We also delve into practical considerations for government contractors in this area and developing trends.

Keep reading this article at: http://www.mondaq.com/article.asp?articleid=402096

Filed Under: Contracting Tips Tagged With: classified information, cybersecurity, data security, sensitive information


Copyright © 2023 · Georgia Tech - Enterprise Innovation Institute