FISMA | Georgia Tech Procurement Assistance Center

dan-valez Over the years, I’ve sought to provide practical perspectives on the National Industrial Security Program Operating Manual from the Defense Security Service (DSS). Known as the NISPOM, the manual serves as a repository of “must do’s” for Department of Defense (DoD) contractors supporting classified programs.

Given that the protection of classified information and tech systems remains an increasingly complex and constantly evolving challenge, DSS updates NISPOM as requirements shift.

national-industrial-security-program-operating-manual-feb-2006 In May, the most recent update was issued in what was called an “Industrial Security Letter” which summarized a number of new, minimum standards referred to collectively as “Conforming Change 2.”

The letter states that contractors cleared for work involving classified information must establish and maintain a program “to detect, deter and mitigate insider threats.” The letter mandates the monitoring of user activity on classified information systems. For example, to track “activity indicative of insider threat behavior.”

User monitoring and other measures now have emerged as requirements – not recommendations – to pursue this line of business with the government.

Keep reading to see the four key changes/provisions in the “new” NISPOM, and what contractors should know about them: https://washingtontechnology.com/articles/2016/10/27/insights-velez-new-cyber-requirements.aspx

After years of gestation, a final rule was promulgated May 16, 2016 to mandate minimum cyber defenses for companies that do government business. This Federal Acquisition Regulations rule – “Basic Safeguarding of Contractor Information Systems” 81 Fed. Reg. 30439 – seeks to protect the confidentiality and integrity of federal contract information (FCI) that resides in or transits through any contractor information system.

Why this rule?

Agencies are required by the Federal Information Security Modernization Act (FISMA) to protect federal information. The obligation extends to nonpublic information provided by the federal government to its contractors. Unauthorized cyber extraction of federal information has caused genuine injury to national interests. Using this new FAR provision, every federal agency now will require minimum cyber protection for FCI.

What is federal contract information?

FCI is defined as nonpublic information that is “provided for or generated for the government” under a contract to “develop or deliver a product or service to the government, but not including information provided to the public or simple transactional information. The new rule protects “information systems” rather than carefully defined information types, however. If a contractor processes stores or transmits any FCI, its information system becomes subject to minimum enumerated safeguards. Where a contractor information system hosts FCI and other, non-federal information, the rule applies to the whole system.

Keep reading this article at: http://www.federaltimes.com/story/government/solutions-ideas/2016/06/13/far-rule-federal-contractor-information/85825436/

4 things you need to know about new contractor requirements for classified networks

Contracting News

Pentagon races to empty its coffers by month’s end

Lawmakers announce deal to avoid government shutdown

Boosting small business demands big ideas

Orlando contractor to pay $575,000 after DOL investigation uncovers improper pay deductions

Defense contractors to face new cost accounting oversight with creation of Defense Cost Accounting Standards Board

Contracting Tips

Before you bid on a government contract: The crucial details you need to know

Establishing prejudice in an LPTA protest

5 questions answered about size protests

Strict notification and disclosure requirements apply to defense contractors

Yes, an agency can change the NAICS code from one iteration of a contract to the next

GTPAC News

Suspicious contract activity proliferates — watch out!

You are invited to be a beta-tester for a brand-new GTPAC service

University system holding procurement expo on Nov. 30th

Here are the Georgia businesses who won federal contracts in August 2018

Warning: Don’t be duped into paying for GTPAC’s services — Our services are free of charge!

Georgia Tech News

Georgia Tech’s Technology Square continues to grow

Georgia Tech to hold panel discussion on succession planning in Savannah on Sept. 27th

10 tips for contractors who need to renew ISO 9001 certification by September deadline

Georgia Tech’s ATDC hosting healthcare summit Sept. 12th

Ports Authority, Georgia Tech, and Center for Innovation sign MOU to tap into advanced logistics planning