Jackson Kelly PLLC

Government Contracts Monitor

Information Security

BYE BYE DUNS - HELLO SAMMI

Last month the General Services Administration (GSA) awarded a $41 million, five-year contract to Ernst and Young LLP (EY) to replace Dun & Bradstreet (D&B) as the contractor supplying entity validation services – the well-known, long-standing Data Universal Number System (DUNS).  All federal agencies and federal contractors (and grant recipients) – everyone doing any kind of business with the…

China's Continuing Threat

Pentagon leaders have been speaking out, increasingly, regarding the risks to U.S. military operations created if and when Chinese technology is used in any military related 5G wireless telecommunications networks. Specifically, officials (former and current) are warning that using Chinese firms (for example, Huawei) to outfit military networks creates a high risk ... indeed a probability ... of…

Are there Cybersecurity Risks in Your Supply Chain?

By now we all know that the Federal Government has dramatically increased its efforts to reduce threats to cybersecurity: witness a case in the Court of Federal Claims (COFC) where the Social Security Administration (SSA), in acquiring new printers, was determined to avoid supply chain risks it suspected were present in a bidder’s offer. The bidder protested, but the COFC agreed with the agency.

Information on Your Employees’ Electronic Devices Might Not Be Secure at the Border

The recent spate of news stories describing travelers seeking to enter the U.S. being stopped at the border and forced to hand over their phones and laptops has caused a great deal of concern among pro-immigration and civil liberties advocates. But they are not the only ones who need to pay attention. For green card and visa holders, many of whom are already scared to travel outside the U.S. for…

Draft 2017 NDAA: Some Highlights

Following months of uncertainty and debate, the House and Senate have both approved the draft 2017 National Defense Authorization Act (NDAA), funding the Defense Department through the end of fiscal year 2017 (FY17).  The FY17 NDAA contains a number of significant provisions that promise to impact government contractors in significant ways. This article discusses several of them.

Section 217 of the…

Short Take: GAO Issues Report on the Use of Multidisciplinary Teams in IT Procurements

GAO recently released a 93 page report on the challenges that federal agencies face in procuring Information Technology (IT). According to the report, the federal government will spend more than $89 billion on IT procurements in Fiscal Year 2017. Where possible, the Office of Management and Budget (OMB) has urged agencies to develop and use Integrated Procurement Teams (IPTs) to assist in IT…

Short Take: GSA Cyber SINs Up and Running

Jackson Kelly recently reported on the General Services Administration’s (GSA) solicitation for four new Special Item Numbers (SINs) for Highly Adaptive Cybersecurity Services (HACS). The new HACS SINS cover four areas:  Penetration Testing, Incident Response, Cyber Hunt, and Risk and Vulnerability Assessment. 

The HACS SINs are now available under GSA’s Schedule 70, which covers IT services. GSA…

Defense Department Issues Final Rule Modifying DFARS Provisions on System Security, Cyber Incident Reporting, Cloud Computing, and Network Penetration

The DOD recently adopted as final, with changes, an interim rule implementing several provisions from the 2013 and 2015 National Defense Authorization Acts and the 2014 Intelligence Authorization Act.  The final rule, which took effect on October 21, 2016, addresses contractor reporting on network penetration and provides guidance on the procurement of cloud services.    

The final rule makes a number…

DoD Issues Final Rule on Cyber Incident Reporting for Contractors

The Department of Defense (DoD) recently issued its Final Rule outlining the mandatory cyber incident reporting requirements for DoD contractors and subcontractors, as well as other members of the Defense Industrial Base (DIB) (entities with grants, cooperative agreements, other transaction agreements, technology investment agreements, and any other type of legal instrument or agreement) doing…

Short Take: New Self-Assessment for Cybersecurity Risk Management Tool

Last week, the National Institute of Standards and Technology (NIST) released a draft of its new Baldrige Cybersecurity Excellence Builder, another component in NIST’s cybersecurity framework.  The Cybersecurity Excellence Builder is based on NIST’s Baldrige Performance Excellence Program. NIST’s Baldrige Program, a partnership between the public and private sectors, is dedicated to organizational…

Short Take: GSA Expands Cybersecurity Opportunities under Schedule 70

The General Services Administration (GSA), a central procurement source available for all federal agencies, has released a draft solicitation for four new Special Item Numbers (SINs) for Highly Adaptive Cybersecurity Services (HACS). The new HACS SINs will be available under GSA’s Schedule 70 Indefinite Delivery/Indefinite Quantity (ID/IQ) contract, which covers IT services. Federal agencies can…

 

© 2021 Jackson Kelly PLLC. All Rights Reserved.