GSA Seeks Public Comments on Cybersecurity Standards
May 24, 2013
The General Services Administration (GSA) recently issued a Request for Information (RFI) asking for public input on implementing cybersecurity standards into acquisition planning and contract administration. This RFI provides an important opportunity for contractors to voice potential burdens and compliance challenges that will be associated with implementing these standards in federal contracting, before the administration makes it final recommendation to the president.
This RFI is the first step in implementing President Obamas, Executive Order on Improving Critical Infrastructure Cybersecurity which we previously reported on here. Section 8(e) of that Order required GSA, DOD, Homeland Security, and the FAR Council to make recommendations on the feasibility, security benefits, and relative merits of incorporating security standards into acquisition planning and contract administration. Additionally, this report should address what steps can be taken to harmonize and make consistent existing procurement requirements related to cybersecurity.
As GSA explained in the RFI, Public outreach is a critically important activity for implementation of [the Executive Order]. Thus, GSA has issued 37 questions for public feedback in three broad categories: 1) the feasibility of incorporating cybersecurity standards into federal acquisitions; (2) existing commercial cybersecurity practices; and (3) the harmonization of existing cybersecurity obligations. Importantly, the RFI also provides a definition for cybersecurity to include: information security and related areas, like supply chain risk management, information assurance, and software assurance, as well as other efforts to address threats or vulnerabilities from or enabled by connection to digital infrastructure.
Contractors should strongly consider providing feedback on these issues. All comments are due by June 12, 2013. Instructions for submission can be found here.
Katie Calogero is the attorney responsible for the content of this article.