
Biden administration signals sweeping shift in focus to deal with cyber concerns in government procurement Baker Donelson

By Warren B. Obrien
May 14, 2021



In a paradigm shift for cybersecurity, President Biden signed an ambitious executive order (the Order) on May 12 to address the increasingly sophisticated threats that malicious cyber actors pose to software supply chains and the country's federal information systems. The executive order on improving the nation's cybersecurity aims to modernize the federal government's cybersecurity, improve information sharing between federal agencies and the private sector, and strengthen the country's resilience to cyber attacks. While the Order primarily focuses on the concrete steps the federal government needs to take to adopt cybersecurity best practices, several provisions will also have a significant impact on government contractors, subcontractors, and other private-sector entities. These changes come at a critical time for these organizations, especially those working diligently to meet the requirements for Cybersecurity Maturity Model Certification (CMMC).

Key points to remember

Upcoming changes to FAR and DFARS

Federal government agencies are required to provide recommendations for changes to the contractual requirements of the Federal Acquisition Regulation (FAR) and the Defense Federal Acquisition Regulation Supplement (DFARS) for information and communications technology (ICT) service providers. The changes will require ICT service providers under contract with the federal government to collect and retain data and information relating to cybersecurity incidents, quickly share this data directly with designated federal agencies, and cooperate with investigations and with law enforcement agencies' responses to incidents on federal information systems.

Federal government cybersecurity modernization

The federal government will move towards a zero trust architecture and secure cloud services in accordance with the standards and guidelines of the National Institute of Standards and Technology (NIST). To facilitate this transition to a cloud-based infrastructure, the Federal Risk and Authorization Management Program (FedRAMP) will develop and promulgate security principles governing cloud service providers (CSPs). Additionally, all federal agencies are required to adopt multi-factor authentication (MFA) and encryption for data at rest and in transit by November 3, 2021. While this requirement is currently limited to the federal government, the Order is not clear as to whether the MFA and encryption requirements will also apply to government data and Controlled Unclassified Information (CUI) residing on Defense Industrial Base (DIB) and other subcontractor networks.

Software supply chain security

In view of the impact that the SolarWinds breach continues to have in several industries, the Order aims to implement more stringent measures to ensure the proper functioning and reliability of critical software. Over the next 30 days, NIST will work with representatives from the federal government, the private sector, and academia to develop criteria for evaluating the security practices of software developers, after which NIST will issue guidelines to improve software supply chain security. Among these guidelines will be a requirement for software developers to provide the federal government with a software bill of materials (SBOM) for all critical software. Once NIST releases its guidelines, federal agencies will have 30 days to comply. Within one year, the Department of Homeland Security (DHS) will make recommendations for amendments to the FAR to contractually oblige suppliers to comply with NIST guidelines. Any software that does not meet the NIST standard will be removed from federal government contracts and networks. NIST will publish further guidelines articulating minimum standards for developers testing their software source code.

Internet of Things

NIST will develop criteria for a basic level of secure practices and an associated scoring scheme for IoT devices which will likely include parallels with Underwriters Laboratories (a third-party certification company).

Cybersecurity Safety Review Board

The Order creates the Cybersecurity Safety Review Board (CSRB). Like the National Transportation and Safety Board (NTSB), the CSRB will be made up of government officials and industry professionals who will review and assess significant cyber incidents. The Board's first order of business is to review the SolarWinds breach and provide DHS with recommendations to improve cybersecurity and incident response.

Network logs

Over the next two weeks, the government will develop requirements for event logging, retention of relevant data, and encryption of activity logs on federal information systems, including those hosted and managed by third parties. This will require third-party vendors who maintain information systems used by the federal government to collect, maintain, and provide network logs to the government.

Summary

This Order represents more than an incremental step in cybersecurity: it is a significant shift towards modernization and an increased public-private partnership. It seeks to consolidate inconsistent policies across multiple agencies and standardize common cybersecurity contracting language to improve compliance for vendors and security for the federal government. For federal contractors and their subcontractors, a thorough understanding of the requirements of upcoming standards will be crucial. Companies should strive to determine whether these changes will affect their overall business strategy, responses to tenders, and current plans to comply with CMMC requirements.
