What Are the New Cybersecurity Rules for Government Contractors?

The Cybersecurity Act of 2015 was signed into law by President Obama on December 14, 201. The act aims to protect government contractor networks and critical infrastructure from cyber attacks. It also provides for the sharing of cyber threat information among private entities and the federal government in an effort to improve cybersecurity protection. This blog post will provide you with a summary of the new rules for Government Contractors.

What does cybersecurity entail?

Cybersecurity encompasses the prevention, detection, and reaction to unauthorized access to computers or networks. Also, it involves the implementation of procedures that allow for greater protection against unauthorized access to sensitive or valuable information.

This act aims to accomplish this through three main changes: 

  • Authorizing the U.S Department of Homeland Security (DHS) existing Continuous Diagnostics and Mitigation (CDM) Program, which is designed to enhance the cybersecurity of federal agencies by adding an automated capability for securing and protecting agency information systems.
  • Authorizing the National Institute of Standards and Technology (NIST) to create a framework that will help critical infrastructure entities detect emerging cyber threats through improved analytics involving real-time network traffic analysis.
  • Enquiring NIST to provide guidance on how best security standards are created after consulting with industry experts across the public and private sector as well as relevant international bodies over 18 months. 

Congress laid out specific guidelines in this act for government contractors who work within or alongside several different types of organizations, including defense manufacturing facilities, nuclear reactors, water treatment plants, among many others.

What are the new rules for Government Contractors?

This act requires government contractors to report any cybersecurity incidents within one hour of discovery. It also mandates that companies develop a written plan to respond to cybersecurity threats and share information with the federal government. However, most importantly, this new law outlines specific guidelines for protecting critical infrastructure from cyberattacks as well as implementing better security standards across all agencies in order to prevent unauthorized access or “cyber-attacks.” In addition, NIST will revise the Federal Acquisition Regulation (FAR) over the next several months before being finalized next year, so it is important that you stay tuned in to updates on these changes if your business works closely with the U.S Government contracting market.

What are the new cybersecurity rules for government contractors?

The new rules for government contractors can be summarized as follows:

  • Companies working with the U.S Government must report any cybersecurity incidents within one hour of discovery
  • A written plan is required to respond and share information on cyber threats between companies and federal agencies
  • Businesses must implement new standards in order to protect critical infrastructure such as energy, water treatment plants, among many others, from potential cyber attacks

Who will be affected by these rules, and why should they care about them?

The act will affect all government contractors and those who work alongside the U.S Government in some capacity, from global defense manufacturers to small businesses. Therefore, it is important that you stay up-to-date on these changes because if your business falls under one of these categories, it may significantly impact future contracts with federal agencies or other organizations within this sector.