1. The Real Risk of Cybersecurity: Choosing to be Unaware
Since 2016, the federal government has implemented numerous procurement regulations and associated contract clauses to address cybersecurity by requiring contractors to adopt various controls and standards to protect sensitive, unclassified information, and to harden information technology (IT) systems to make them more resilient to all manner of cyber hacks. The easy part (not that it was at all easy) was developing the controls and standards – NIST SP 800-171 (currently up to Rev. 3), and contract clauses (most notably, FAR 52.204-21, and DFARS 252.204-7012, 7019, 7020, 7021, and others). The difficult part is getting contractors to take seriously the obligation to invest in cybersecurity.Continue Reading Federal Cybersecurity Requirements Ought Not Be Ignored by Contractors