CybersecurityGovernment contractors now required to have cybersecurity plans

Based on a new General Services Administration (GSA) rule, all contractors and subcontractors that provide federal agencies with IT services, systems, or supplies are required to submit a cyberescurity plan that matches government regulations.

In addition contractors must grant GSA inspectors access to facilities, operations, documents, databases, and all else needed to determine that a company is in compliance with federal cybersecurity standards.

In the Federal Register, GSA noted that “this final rule may have a significant economic impact on a substantial number of small entities.”

According to data from the Federal Procurement Data system, it is estimated that roughly eighty small businesses will be affected by the new regulations each year.

Under the new rule, contractors must submit cybersecurity plans within thirty days of winning a contract. Additionally contractors must also submit written proof that cybersecurity plans and policies have been implemented six months after the initial awarding of the contract. Finally each year contractors must prove that cybersecurity plans and policies remain in place each year.