Adversaries are using increasingly sophisticated methods and cyber operations to attack the supply chain, gain access to critical infrastructure, and steal sensitive information.

Educate

Communicate and train your purchasing/procurement and materials management professionals to ensure they are familiar with your compliance plan and potential changes. Stay on top of proposed updates to the FAR and prepare for changes that could impact your entity’s compliance. Look out for the FAR rules’ public comment periods and provide feedback.

M-21-30 Protecting Critical Software Through Enhanced Security Measures.
M-21-31 Improving the Federal Government’s Investigative and Remediation Capabilities Related to Cybersecurity Incident.
M-22-05, Fiscal Year 2021-2022 Guidance on Federal Information Security and Privacy Management Requirements.
National Security Memorandum/NSM-8 on Improving the Cybersecurity of National Security, Department of Defense, and Intelligence Community Systems.
Government Toward Zero Trust Cybersecurity Principles
Executive Order 14028 - Improving the Nation's Cybersecurity.

What contractors can do

Read and understand the Executive Order and related memos.
Future updates to the Federal Acquisition Regulation (FAR).
GSA will keep you informed, communicating with you regarding all major developments.
If your company cannot accept the modification, you will not be able to sell to the Federal government.
Modification of contract language to reflect new guidance from NIST and CISA.
Requires amendments to the FAR to align with requirements in the EO.
Creates cybersecurity event log requirements for Federal departments and agencies.
Improves the ability to detect malicious cyber activity on Federal networks by enabling a government-wide endpoint detection and response system and improved information sharing within the Federal government.
Creates a standardized playbook and set of definitions for cyber incident response by Federal departments and agencies.
Establishes a Cybersecurity Safety Review Board, co-chaired by government and private sector leads, that may convene following a significant cyber incident to analyze what happened and make recommendations for improving cybersecurity.