GSA demands IT companies provide security plans

In a move to further toughen policies that protect sensitive IT systems, the General Services Administration now is asking companies to submit an IT security plan within 30 days after it is awarded an IT contract.

GSA officials changed their acquisition regulation to strengthen security requirements for contracts through which they buy IT services and supplies and IT systems. The final rule amends the General Services Administration Acquisition Regulation and takes effect Jan. 6. Officials issued an interim rule in June 2011.

Officials want the security plan to describe how the company will properly secure information under the new final rule. The rule also requires contractors submit written proof of IT security authorization six months after award as well as to verify that the IT security plan remains valid annually.

The requirements of the plan apply to all work performed under the contract, whether the prime contractor or subcontractor does the work.

Officials now want the authority to inspect and investigate a company. GSA requires that contractors open their doors to give agency officials access to facilities, operations and databases, even to employees, in order to check what’s going on at the companies that are working so close to GSA’s sensitive IT data.

They may want to test the vulnerabilities of safeguards against threats and hazards to GSA’s data or the systems operated on its behalf. The access would help the agency to preserve evidence of computer crime, according to the notice.

GSA based the rule on a recommendation from the agency inspector general. The IG audited GSA’s information systems to verify that it was meeting Federal Information Security Management Act requirements. The IG recommended toughening the policies.

Officials say the rule may have a significant economic impact on small businesses that don’t know too much about the requirements. Where the information is not already available, companies will need to familiarize themselves with the requirements and create the infrastructure to monitor and report compliance with the requirements.

However, companies won’t have too much trouble if they know about the requirements already through other agency contract clauses and existing GSA IT security demands. Small businesses are active providers of IT services.

About the Author

Matthew Weigelt is a freelance journalist who writes about acquisition and procurement.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here
close
SEARCH
contracts DB

Trending

  • Dive into our Contract Award database

    In an exclusive for WT Insider members, we are collecting all of the contract awards we cover into a database that you can sort by contractor, agency, value and other parameters. You can also download it into a spreadsheet. Read More

  • Is SBA MIA on contractor fraud? Nick Wakeman

    Editor Nick Wakeman explores the puzzle of why SBA has been so silent on the latest contractor fraud scandal when it has been so quick to act in other cases. Read More

Webcasts

  • How Do You Support the Project Lifecycle?

    How do best-in-class project-based companies create and actively mature successful organizations? They find the right mix of people, processes and tools that enable them to effectively manage the project lifecycle. REGISTER for this webinar to hear how properly managing the cycle of capture, bid, accounting, execution, IPM and analysis will allow you to better manage your programs to stay on scope, schedule and budget. Learn More!

  • Sequestration, LPTA and the Top 100

    Join Washington Technology’s Editor-in-Chief Nick Wakeman as he analyzes the annual Top 100 list and reveals critical insights into how market trends have impacted its composition. You'll learn what movements of individual companies means and how the market overall is being impacted by the current budget environment, how the Top 100 rankings reflect the major trends in the market today and how the biggest companies in the market are adapting to today’s competitive environment. Learn More!