Cybersecurity has become a crucial need for government contractors. Computer systems have become highly vulnerable to attacks by hackers who may be located halfway across the world or right inside the room. This has been an issue for all users for a considerable period of time, but government contractors in particular now have to comply with special regulatory requirements in a way that does not negatively affect their ability to secure and fulfill government contracts.
New cybersecurity rules for government contractors take effect starting December 31, 2017. Those affected are the Department of Defense (DOD), the General Services Administration (GSA) and the National Aeronautics and Space Administration (NASA).
With cybersecurity standards and practices already well-established for classified projects, the new set of regulations is intended to protect unclassified sensitive information. This is prompted by the fact that security breaches have increased tremendously in frequency over the last few years.
Although the new cybersecurity rules were first issued back in 2015, some government contractors failed to act on them and are not even fully apprised of the requirements. As per a hundred new regulations, NASA, DOD and GSA contractors must enforce tougher physical security measures at their premises, enforce and document cybersecurity guidelines and practices, and build a comprehensive emergency plan that will protect them against a cybersecurity attack.
The cost of complying with the new cybersecurity regulations can vary from one company to another. Some contractors only have to make small adjustments to their current cybersecurity practices and policies, while others may have to spend much more to update or replace old servers, buy new equipment or hire security experts.
Although some government contractors are more than ready for the new regulations, others are just starting to prepare. With the regulations comes a whole range of new compliance responsibilities. However, the lesser-known risks to government contractors – for example, compliance issues for subcontractors and litigation possibilities – can be more serious for them over the long term. Thus, it is necessary for government contractors to work closely with their lawyers, cyber specialists and compliance officers in order to avoid problems.
In 2017, federal officials promoted more effective cybersecurity by announcing several regulatory actions. For instance, in February of the same year, a “Cybersecurity National Action Plan” was announced, followed by two related executive orders.
A few months later that same year, the Department of Defense came out with its final rule on the cyber incident reporting requirements, which covers all contractors and subcontractors of the department. DOD is strongly encouraging its contractors to join the voluntary Defense Industrial Base cybersecurity information sharing program, where they can share cybersecurity information with other contractors and learn from one another’s strengths and weaknesses.