OMB Issues New Draft Cyber Guidance for Contractors

Aug
13

OMB Issues New Draft Cyber Guidance for Contractors

Article By Susan B. Cassidy, Alejandro L. Sarria | Covington & Burling LLP

On August 11, 2015, the Office of Management and Budget (OMB) issued a draft guidance memorandum intended to improve cybersecurity protections in federal acquisitions. Specifically, the proposed memorandum provides direction to federal agencies on “implementing strengthened cybersecurity protections in Federal acquisitions for products or services that generate, collect, maintain, disseminate, store, or provides access to Controlled Unclassified Information (CUI) on behalf of the Federal government.” CUI is defined in a recently issued proposed FAR rule as “information that laws, regulations, or Government-wide policies require to have safeguarding or dissemination controls, excluding classified information.”

***

Security Controls

For systems operated on behalf of the Government, contractor systems must meet the appropriate baseline in NIST SP 800-53, as modified by the agency to meet the agency’s risk management requirements and to account for non-government customers (i.e, cloud service providers). For CUI in these systems, the Guidance provides that the moderate baseline for confidentiality should be applied and adjusted for any specific protection requirements required by law, regulation, or government-wide policy.

Read Complete Article

NIST SP 800-137

Guide for Continuous Monitoring of Information Systems and Organizations

OMB Issues New Draft Cyber Guidance for Contractors

Security Controls

Leave a Reply Cancel reply

Links

Submit a Post

Archives