Contractors to Give GSA IT Security Plans

Photo: Juanjo Tugores

The General Services Administration will require vendors to provide information technology security plans detailing how they are meeting federal cyber regulations under a new rule published Friday.

GSA said that changes are will apply to IT contracts awarded after Jan. 6, 2012 and that contractors must submit their IT security plans within 30 days of the contract award.

The plan should detail the processes and procedures the contractor will follow for “appropriate security of IT resources… used under the contract.”

GSA said it will use this information to verify that IT data and systems are effectively secured from unauthorized users. GSA will also inspect prime contractors’ and subcontractors’ facilities and IT systems.

Both prime and subcontractors will submit written proof of IT security authorization six months after the award in order to verify the validity of their security plan. The required plans and proposals will be included in IT contract solicitations.

You may also be interested in...

Cybersecurity

DHS, NIST List Goals for Cyber Best Practices

The Department of Homeland Security (DHS) and the National Institutes of Standards and Technology (NIST) have jointly classified cybersecurity practices into nine categories as bases for cyber performance goals. The nine categories each have specific objectives with regard to how secure control systems are operated and deployed, NIST said Thursday.

Leave a Reply

Your email address will not be published. Required fields are marked *