The General Services Administration has proposed a new rule that would require contractors to report cyber threats and provide GSA and client agencies authority to access breached systems, Nextgov reported Thursday.
The agency introduced the policy as an amendment to the GSA Acquisition Regulation, according to a regulatory roadmap obtained by the publication.
The proposed rule would direct contractors to disclose any cyber incident that undermines the availability, integrity and confidentiality of information systems or data “owned or managed by or on behalf of the U.S. government.”
Contractors would also be required to save images of breached platforms and provide incident reporting training for employees.
GSA plans to issue in April a notice of proposed rulemaking with a comment period that will run through June, according to the notice.