From: Lexology
Christian F. Henel, Gunjan R. Talati, Lawrence M. Prosen and Thomas F. Zych | Thompson Hine LLP
***
Once final, the guidance, “Improving Cybersecurity Protections in Federal Acquisitions,” will likely provide requirements in the following five areas, each of which impacts how contractors develop and maintain their information security systems:
***
Information security continuous monitoring (ISCM). The guidance encourages agencies to develop ISCM as a way of maintaining ongoing awareness of federal contractors’ information security capabilities. The guidance does not specify a particular technology or program to achieve ISCM. To the extent agencies do not implement ISCM, they must require that contractors meet or exceed security monitoring requirements set forth in OMB Memorandum M-14-03.
Leave a Reply