The General Services Administration has proposed regulatory changes on how contractors inform the government about cyber incidents and how they secure confidential government information in solicitations.
The GSA wants to update its General Services Administration Acquisition Regulation to include the new rules — Case 2016-G511 and 2016-G515 — according to a Federal Register notice posted Friday.
GSAR Case 2016-G511 would require contractors to comply with agency cyber requirements and standards to protect GSA information when submitting statements of work and responding to solicitations.
The GSAR Case 2016-G515 rule would then update the agency’s 9297.2C policy to include standards on how the GSA and its contractors manage information technology systems, protect personally identifiable information and other confidential information and report cyber breach.
The 9297.2C is currently not available for public comment but the GSA wants to open the policy for public and industry input for further improvement.
“It establishes the requirement for contractors to preserve images of affected systems and ensure contractor employees receive appropriate training for reporting cyber incidents,” the GSA said in the notice.