Georgia Tech Procurement Assistance Center

  • Home
  • About Us
  • Training
    • Class Registration
    • On-demand Training
    • GTPAC COVID-19 Resource Page
    • Cybersecurity Video
    • Veterans Verification Video
    • GTPAC Community
    • Other Training Audio & Video
  • Useful Links
  • Team Directory
    • Albany Counselor
    • Athens Counselor
    • Atlanta Counselors
    • Augusta Counselor
    • Carrollton Counselor
    • Columbus Counselor
    • Gainesville Counselor
    • Savannah Counselor
    • Warner Robins Counselor
  • Directions
    • Athens
    • Atlanta – Training Facility
    • Atlanta – Office
    • Albany
    • Augusta
    • Carrollton
    • Columbus
    • Gainesville
    • Savannah
    • Warner Robins
  • COVID-19
  • New Client Application
  • Contact Us

Deadlines approach for government contractors on cybersecurity compliance

October 27, 2017 By Andrew Smith

Government contractors are subject to cybersecurity requirements, found in the Federal Acquisition Regulation (FAR) and each agency’s supplement to the FAR, and some important deadlines are fast approaching. Set forth below is a high-level overview of cybersecurity requirements found in the FAR and the Department of Defense (DoD) FAR Supplement (DFARS).

The FAR requires government contractors that handle “federal contract information” to comply with 15 requirements for safeguarding that information. These requirements are similar to certain requirements found in NIST SP 800-171.

Under the FAR, “federal contract information” is defined as:

information, not intended for public release, that is provided by or generated for the Government under a contract to develop or deliver a product or service to the Government, but not including information provided by the Government to the public (such as on public Web sites) or simple transactional information, such as necessary to process payments.

This is a broad category of information, and some commentators have suggested that it would apply to “virtually all” federal contracts.

Keep reading this article at: https://www.jdsupra.com/legalnews/deadlines-approach-for-government-74231/

Filed Under: Contracting Tips Tagged With: contract clauses, controlled unclassified information, CUI, cyber, cyber incidents, cybersecurity, DFARS, DoD, False Claims Act, FAR, FCI, flow down clause, NIST

What’s that cybersecurity FAR clause doing in my contract?

July 11, 2017 By Andrew Smith

Many contractors we talk to believe that cybersecurity requirements are exclusively a concern of contractors working with DoD or with highly-classified, top secret projects. While perhaps true to some degree in the past, that belief is now outdated. In recent years, the federal government has steadily expanded the reach of cybersecurity requirements imposed on contractors and contracts of all shapes and sizes, and that trend is expected to continue.

As an example, one year ago this month the government implemented a new FAR clause, FAR 52.204-21, entitled “Basic Safeguarding of Covered Contractor Information Systems.” This clause, which went into effect on May 16, 2016, brings basic cybersecurity requirements to many federal contracts. The clause is supposed to be inserted in every solicitation and contract where a contractor or subcontractor at any tier may have federal contract information (FCI) residing in or transitioning through its information system.

FCI is broadly defined as “information, not intended for public release, that is provided by or generated for the Government under a contract to develop or deliver a product or service to the Government, but not including information provided by the Government to the public.”

Prime contractors are also expected to flow down the clause to subcontracts at all tiers that may have FCI in their systems, including subcontracts for commercial items (but not subcontracts for commercial off-the-shelf items).

Keep reading this article at: http://www.mondaq.com/article.asp?articleid=602460

Note: Georgia Tech is sponsoring a free cybersecurity briefing on Aug. 9, 2017.  For details, visit: http://gtpac.org/2017/06/30/georgia-tech-sponsors-cybersecurity-briefing-in-august-for-manufacturers/

Filed Under: Contracting Tips Tagged With: contract clauses, cyber, cybersecurity, DoD, FAR, FCI, flow down clause

Final federal rule issued on safeguarding contractor information systems

June 17, 2016 By Andrew Smith

Federal Contract InformationAfter years of gestation, a final rule was promulgated May 16, 2016 to mandate minimum cyber defenses for companies that do government business. This Federal Acquisition Regulations rule – “Basic Safeguarding of Contractor Information Systems” 81 Fed. Reg. 30439 – seeks to protect the confidentiality and integrity of federal contract information (FCI) that resides in or transits through any contractor information system.

Why this rule?

Agencies are required by the Federal Information Security Modernization Act (FISMA) to protect federal information. The obligation extends to nonpublic information provided by the federal government to its contractors. Unauthorized cyber extraction of federal information has caused genuine injury to national interests. Using this new FAR provision, every federal agency now will require minimum cyber protection for FCI.

What is federal contract information?

FCI is defined as nonpublic information that is “provided for or generated for the government” under a contract to “develop or deliver a product or service to the government, but not including information provided to the public or simple transactional information. The new rule protects “information systems” rather than carefully defined information types, however. If a contractor processes stores or transmits any FCI, its information system becomes subject to minimum enumerated safeguards. Where a contractor information system hosts FCI and other, non-federal information, the rule applies to the whole system.

Keep reading this article at: http://www.federaltimes.com/story/government/solutions-ideas/2016/06/13/far-rule-federal-contractor-information/85825436/

Filed Under: Contracting News Tagged With: cloud, cyber, cybersecurity, cyberthreat, DFARS, DoD, FCI, federal contract information, Federal Register, FISMA, hack, hackers, information technology, NIST, NIST 800-171, small business, technology, vulnerability

Recent Posts

  • DoD publishes long awaited interim rule on CMMC
  • GSA Region 4 OSDBU hosting small business webinar
  • GTPAC launches COVID-19 resource page
  • GDEcD seeks GA Manufacturers and Distributors that can help with critical health care supply needs related to COVID-19
  • Georgia DOAS to hold 4th Annual Georgia Procurement Conference April 21-23, 2020

Popular Topics

8(a) abuse Army bid protest budget budget cuts certification construction contract awards contracting opportunities cybersecurity DoD DOJ False Claims Act FAR federal contracting federal contracts fraud GAO Georgia Tech government contracting government contract training government trends GSA GSA Schedule GTPAC HUBZone innovation IT Justice Dept. marketing NDAA OMB SBA SDVOSB set-aside small business small business goals spending subcontracting technology VA veteran owned business VOSB wosb

Contracting News

DoD publishes long awaited interim rule on CMMC

Small business subcontracting for cloud computing gets easier

Long awaited changes to WOSB/EDWOSB regulations expected this summer

The CMMC has arrived: DoD publishes version 1.0 of its new cybersecurity framework

GSA keeping ‘on track’ with schedule consolidation

Read More

Contracting Tips

A guide to labor and employment obligations for federal contractors

Who pays for CMMC certification?

Other transaction agreements: Where does an unsuccessful bidder go?

Knowledge is power, if you know how to use it

EAJA provides relief to construction contractor for government’s bad actions

Read More

GTPAC News

GSA Region 4 OSDBU hosting small business webinar

GTPAC launches COVID-19 resource page

GDEcD seeks GA Manufacturers and Distributors that can help with critical health care supply needs related to COVID-19

Georgia DOAS to hold 4th Annual Georgia Procurement Conference April 21-23, 2020

MICC Fort Stewart hosting acquisition forecast open house on Thursday, Feb. 6, 2020

Read More

Georgia Tech News

Dr. Abdallah testifies on U.S. competitiveness, research, STEM pipeline at Congressional hearing

Georgia Tech’s Technology Square Phase III to include George Tower

Student surprises his teacher with Georgia Tech acceptance news

Georgia Tech Applied Research will support DHS information safeguarding effort

$25 million project will advance DNA-based archival data storage

Read More

  • SAM.gov registration is free, and help with SAM is free, too
APTAC RSS Twitter GTPAC - 30th Year of Service

Copyright © 2021 · Georgia Tech - Enterprise Innovation Institute