Overview of Government Contractor Cyber Security Compliance

Cybersecurity has become a crucial need for government contractors. Security threats have become so real and strong that all computer systems can be considered vulnerable to attack, whether the hacker is located on the other side of the world or in the same room as the computer. While this has long been an issue for all Internet users, government contractors now have a special regulatory obligation to employ cybersecurity measures without diminishing their ability to fulfill their responsibilities as government contractors.

New cybersecurity rules for government contractors are set to take effect on December 31, 2017. These will affect the General Services Administration (GSA), the Department of Defense (DOD), and the National Aeronautics and Space Administration (NASA).

Because cybersecurity standards and practices have been established for classified projects, the target of the new regulations is sensitive but unclassified information. This is the result of the evident fact that security breaches have become very common in the last few years.

Although the new cybersecurity rules were first issued in 2015, some government contractors have failed to act on them and are not even fully apprised of the requirements. According to a hundred new regulations, NASA, DOD and GSA contractors must enforce tougher physical security measures at their premises, enforce and document cybersecurity guidelines and practices, and build a comprehensive emergency plan that will protect them against a cybersecurity attack.

The cost of cybersecurity compliance will differ from company to company. For some contractors, only minor adjustments to their existing cybersecurity policies and practices may be necessary; for others, thousands of dollars may have to be spent to update old servers, buy new ones, or hire security experts.

Although some government contractors are more than ready for the new regulations, others are just starting to prepare. The regulations require a new range of compliance obligations. But the unknown risks to government contractors, like compliance issues for subcontractors and the possibility of litigation, can prove even more serious for contractors in the long run. Hence, government contractors should keep working with their lawyers, cybersecurity professionals and compliance officers to avoid problems with their cybersecurity posture.

In 2017, federal officials promoted more effective cybersecurity by announcing different regulatory actions. For instance, in February of the same year, a “Cybersecurity National Action Plan” was announced, followed by two related executive orders.

In October of the same year, the Department of Defense issued a final rule that implemented cyber incident reporting requirements for all DOD contractors and subcontractors. DOD is encouraging its contractors to take part in the voluntary Defense Industrial Base cybersecurity information sharing scheme, which allows them to trade cybersecurity information with other contractors for mutual benefit.
