Overview of Government Contractor Cyber Security Compliance
Cybersecurity has become a crucial requirement for government contractors in 21st century operations. Security threats have become so real and so serious that all computer systems can be considered vulnerable to attack, whether the hacker is located on the other side of the world or in the same room as the computer. Although this has been a growing concern for many years for all Internet users, government contractors in particular now face the additional challenge of complying with special regulatory obligations, which they must fulfill without hampering their ability to secure and fulfill government contracts.
New cybersecurity rules for government contractors are set to take effect on December 31, 2017. These will affect the General Services Administration (GSA), the Department of Defense (DOD), and the National Aeronautics and Space Administration (NASA).
Because cybersecurity standards and practices have already been established for classified projects, the target of the new regulations is sensitive but unclassified information. This is to address the problem of security breaches, which have become increasingly common over the last few years.
Although the new cybersecurity rules were first issued in 2015, some government contractors failed to act on them and are not even fully apprised of the requirements. Over a hundred new regulations will require NASA, GSA and DOD contractors to beef up their premises’ physical security, draft and document their cybersecurity guidelines and practices, and create an extensive emergency plan for use in the event of a cybersecurity attack.
The cost of complying with the new cybersecurity regulations will vary from company to company. Some contractors only have to make small adjustments to their current cybersecurity practices and policies, while others may have to spend much more to update or replace old servers, buy new equipment or hire security experts.
While some government contractors are all set for the new guidelines, others may be just beginning to prepare for them. With the regulations comes a whole range of new compliance responsibilities. But the unknown risks to government contractors, like compliance issues for subcontractors and the possibility of litigation, can pose even greater problems for contractors in the long run. Therefore, it is a must that government contractors work regularly with their lawyer, with cyber professionals and with compliance officers to avoid any problems.
In 2017, federal officials promoted more effective cybersecurity by announcing different regulatory actions. For instance, in February of the same year, a “Cybersecurity National Action Plan” was announced, followed by two related executive orders.
In October of the same year, the Department of Defense issued a final rule that implemented cyber incident reporting requirements for all DOD contractors and subcontractors. DOD is encouraging its contractors to take part in the voluntary Defense Industrial Base cybersecurity information sharing scheme, which allows them to trade cybersecurity information with other contractors for mutual benefit.