Georgia Tech Procurement Assistance Center

  • Home
  • About Us
  • Training
    • Class Registration
    • On-demand Training
    • GTPAC COVID-19 Resource Page
    • Cybersecurity
    • Veterans Verification Video
    • GTPAC Community
    • Other Training Audio & Video
  • Useful Links
  • Team Directory
    • Albany Counselor
    • Atlanta Counselors
    • Augusta Counselor
    • Carrollton Counselor
    • Columbus Counselor
    • Gainesville Counselor
    • Savannah Counselor
    • Warner Robins Counselor
  • Directions
    • Atlanta – Training Facility
    • Atlanta – Office
    • Albany
    • Augusta
    • Carrollton
    • Columbus
    • Gainesville
    • Savannah
    • Warner Robins
  • COVID-19
  • New Client Application
  • Contact Us

Readying contractors’ security plans for evaluation

February 18, 2019 By Andrew Smith

The Defense Department recently issued final guidance for requiring activities to assess contractors’ system security plans and their implementation of the security controls in National Institute of Standards and Technology Special Publication 800-171.

It includes a compliance guidance document, which explains how department entities will assess contractor implementation of its security controls, and an impact guidance document, which explains how the Pentagon will assess the risks of security controls not implemented.

The compliance guidance addresses three objectives pre-award: requiring a self-attestation of implementation of the special publication in all proposals; imposing enhanced security controls in certain situations; and providing alternatives for compliance as an evaluation factor.

Defense Federal Acquisition Regulation Supplement 252.204-7008, which is required in every noncommercial off-the-shelf solicitation, provides that “[b]y submission of this offer, the offeror represents that it will implement the security requirements specified by [NIST SP 800-171].” The Defense Department has interpreted “implementation” as having a completed security system plan and a plan of action and milestones for the relevant covered defense information.

If a requiring activity believes that enhanced security controls are required beyond those in NIST SP 800-171, the compliance guidance provides direction for adding the requirements to a solicitation.

The guidance does not define what constitutes “enhanced controls.” NIST is expected to issue a new appendix of enhanced controls in the first quarter of 2019.

Keep reading this article at: http://www.nationaldefensemagazine.org/articles/2019/1/30/readying-security-plans-for-evaluation

See GTPAC’s video, template and other resources designed to help contractors comply with the DoD/NIST cybersecurity rules at: http://gtpac.org/cybersecurity-training-video/

Filed Under: Contracting News Tagged With: controlled defense information, cyber, cyber incident, cybersecurity, DFARS, DoD, enhanced controls, network infrastructure, NIST, NIST 800-171

DoD continues to up the ante on cybersecurity compliance for contractors

February 4, 2019 By Andrew Smith

Compliance with the security controls in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 is only the beginning for contractors that receive controlled defense information (CDI) in performance of Department of Defense (DoD) contracts and subcontracts.

Faced with an evolving cyber threat, DoD contractors have experienced an increased emphasis on protecting DoD’s information and on confirming contractor compliance with DoD cybersecurity requirements.  This includes audits by the DoD Inspector General (IG) “to determine whether DoD contractors have security controls in place” to protect CDI and enhanced security controls for certain high risk contractor networks.

And on September 28, 2018, the Navy issued a policy memorandum calling for enhanced cybersecurity requirements, including some that have generated opposition within the defense community such as the installation of network sensors by the Naval Criminal Investigative Service on contractor systems.

Other requiring activities are reportedly requiring similar enhanced protections, and NIST is expected to issue a public draft of Revision 2 to NIST SP 800-171 by the end of February, with an appendix of additional enhanced controls.

Keep reading this article at: https://www.insidegovernmentcontracts.com/2019/01/dod-continues-ante-cybersecurity-compliance-contractors/

See GTPAC’s video, template and other resources designed to help contractors comply with the DoD/NIST cybersecurity rules at: http://gtpac.org/cybersecurity-training-video/

Filed Under: Contracting News Tagged With: controlled defense information, cyber, cyber incident, cybersecurity, DFARS, DoD, network infrastructure, NIST, NIST 800-171

The new rules of cybersecurity

January 24, 2019 By Andrew Smith

At this very moment someone, somewhere in the world may be plotting to hack into an organization’s critical network infrastructure.

Creativity, time and investment are never in short supply when determined attackers are intent on gaining access to networks. It’s created an environment whereby solutions to prevent attacks are being developed just after new hacking tactics are deployed. To solve this divergence, we need to focus on “cyber at machine speed” — implementing new tools simultaneously with or even before hackers.

In short, getting the basics right is no longer enough. Adversaries now have the tools, the motivation and certainly the persistence to overcome current standards and compliance protocols.

Simply put, adequacy is no longer adequate.

Keep reading this article at: https://www.nextgov.com/ideas/2018/12/new-rules-cybersecurity/153714/

See GTPAC’s video, template and other resources designed to help contractors comply with the DoD/NIST cybersecurity rules at: http://gtpac.org/cybersecurity-training-video/

Filed Under: Contracting Tips Tagged With: controlled defense information, cyber, cyber incident, cybersecurity, DFARS, DoD, network infrastructure, NIST, NIST 800-171 NIST issues guidance on contractor

Recent Posts

  • Georgia Tech creates new Office of Corporate Engagement
  • Federal contractor indicted for stealing over $1.2 million from the U.S. Postal Service
  • SBA hosting “Contract Bonds and Surety Bond Guarantee” webinar April 20th
  • GSA hosting “Getting on the GSA Schedule” webinar April 13th
  • NIH hosting 2021 small business program conference April 26-30th

Popular Topics

8(a) abuse Army bid protest budget budget cuts certification construction contract awards contracting opportunities cybersecurity DoD DOJ False Claims Act FAR federal contracting federal contracts fraud GAO Georgia Tech government contracting government contract training government trends GSA GSA Schedule GTPAC HUBZone innovation IT Justice Dept. marketing NDAA OMB SBA SDVOSB set-aside small business small business goals spending subcontracting technology VA veteran owned business VOSB wosb

Contracting News

Federal contractor indicted for stealing over $1.2 million from the U.S. Postal Service

CMMC announces new advisory council to collect industry feedback

EEOC announces April 26 opening date for the collection of 2019 and 2020 EEO-1 component 1 data

Contractors line up to rebuild MARTA’s Five Points Station

GDOT announces $828.8 million in projects to transform Ga. 316

Read More

Contracting Tips

A whole new marketplace: GSA’s “commercial platforms” initiative

CRS Reports: Mentor-Protégé programs and small business size standards

CRS Report: Small businesses and COVID-19, relief and assistance resources

How do I find out what the government is buying?

Past performance isn’t always a required evaluation factor, says GAO

Read More

GTPAC News

SBA hosting “Contract Bonds and Surety Bond Guarantee” webinar April 20th

GSA hosting “Getting on the GSA Schedule” webinar April 13th

NIH hosting 2021 small business program conference April 26-30th

Defense Counterintelligence and Security Agency hosting industry day and matchmaking May 6th and 20th

Missile Defense Agency hosting virtual conference May 11-13th

Read More

Georgia Tech News

Georgia Tech creates new Office of Corporate Engagement

Delta Jacket wins 2021 Georgia Tech InVenture prize

Future of 5G is under the microscope at Georgia incubator

Collective worm and robot “blobs” protect individuals, swarm together

The Partnership for Inclusive Innovation is now accepting applications for pilot programs

Read More

  • SAM.gov registration is free, and help with SAM is free, too
APTAC RSS Twitter GTPAC - 30th Year of Service

Copyright © 2021 · Georgia Tech - Enterprise Innovation Institute