Blog Article

National Cyber Security Awareness Month: 3 Steps to Safeguarding Your Contracts

National Cyber Security Awareness Month: 3 Steps to Safeguarding Your Contracts icon

As another government fiscal year comes to a close, agencies are moving to the execution phase.  For contracts that involve cybersecurity elements, acquisition planning, and contract administration have become increasingly more complex with the recent laws and regulations governing cybersecurity.  With October designated as National Cyber Security Awareness Month, this is a perfect opportunity to review current and new contracts and self-audit existing cybersecurity management practices.

In a panel discussion at the New York Times 2015 DealBook Conference, IBM CEO, Ginni Rometty, predicted that “Cyber crime is the greatest threat to every company in the world.”  With data breaches such as the U.S. Office of Personnel Management and the recent Equifax hacks, major attacks have become a common occurrence.  Larger-scale breaches gain media attention due to the millions of records that are comprised.  However, “smaller” attacks, such as those involving identity theft, happen every day and can lead to the devastating data leaks that impact a majority of the population.

Contracting professionals are the cybersecurity gatekeepers of the Federal acquisition process.  Cyber criminals know this and are constantly looking for ways to exploit vulnerabilities.  How can contracting professionals safeguard their contracts and do their part to practice good cybersecurity management?  Here are three suggestions.

Step 1:  Compile a Checklist

Contracting professionals are responsible for certifying that cybersecurity requirements have been met and keeping contracts secure.  Focusing on relationships with key individuals in all relevant areas of the organization is one way to contribute to cybersecurity management.  Creating a checklist of questions can serve as an overview as well as a conversation starter for establishing those key relationships.  Questions can include:

  • What kind of data do we store? Process? Transmit?
  • Who has access to the data?
  • What kind of cybersecurity training do we provide to our staff?
  • Do we have a written incident response plan? When and how is it tested?
  • Who is responsible for maintenance of our information systems?

Knowing the answers to these questions better prepares contracting professionals to handle potential cyber threats.

Step 2:  Know Which Rules and Regulations Apply

The axiom “an ounce of prevention is worth a pound of cure” rings true especially during the acquisition planning phase.  For contracts governed by cybersecurity laws and regulations, knowing which ones apply is a crucial step to securing contracts.  Today, there are three main Federal cybersecurity regulations:

There are also key FAR (FAR 52.239-1 and 52.204.21) and DFARS (DFARS 252.204-7012, 252.204-7008, 252.204-7009, and 252.239.7010) clauses that contracting professionals should be aware of, as well as reporting requirements that are associated with certain provisions.  Keeping track of the ever-changing cybersecurity landscape can become a full-time, but necessary, job.

Step 3:  Be Vigilant

Cyber criminals are constantly looking for vulnerabilities and ways to infiltrate systems.  Finding out who the contracting professional is on large-dollar procurements does not require much effort, especially if the solicitation is posted on FedBizOps.  That could make the individual an easy target.  As gatekeepers of the acquisition process, contracting professionals can do their part by knowing who in their organization is responsible for network security, reporting any suspicious activity, validating all requests for data before providing information, creating complex passwords and keeping them secure, being mindful of what gets posted on social media, and separating business and personal accounts.  Although we’ve heard these practical security tips before, they bear repeating especially since cyber attacks are on the rise.

Interested in knowing what other steps are needed to safeguard contracts?  Learn effective cybersecurity risk management practices and how to assess cyber risk to ensure compliance throughout the contracting cycle.

Related Resources

See All
Blog Article

The Critical Role of Risk Management in Senior-Level Federal Decision-Making 

Risk management is crucial across all government levels, but its significance is particularly heightened at senior levels.

Read More
Blog Article

Making eLearning and Video Development Easier 

Self-paced eLearning and video can be a highly engaging, interactive way to make your learners actually want to learn.

Read More
Blog Article

NCMA World Congress 2024: Celebrating Silver and Going for the Gold

Management Concepts was proud to be a bronze sponsor of the National Contract Management Association’s (NCMA’s) signature annual event, World Congress.

Read More
Blog Article

NCMA Nexus: Tying It All Together

The National Contract Management Association (NCMA) held its inaugural Nexus event in Jacksonville, Florida, on March 3–6, 2024.

Read More
Video

Acquisition & Contracting Training for Every Government Professional

Discover how our acquisition and contracting training helps federal professionals advance their career.

Watch
Blog Article

Supply Chain Management Best Practices In The Federal Acquisition Context

Supply chain management in the federal acquisition context involves various key procedures to ensure smooth internal and external operations.

Read More
Blog Article

How Federal AC Contractors Can Effectively Use Small Businesses for Their Needs

For federal acquisition (AC) contractors, the challenges of small business procurement, seen as an innovation, efficiency, and community impact catalyst, can create a synergy beyond the usual vendor-client relationship.

Read More
Video

Career Gateway: Acquisition

Designed for real-world success, Career Gateway: Acquisition program doesn’t just check boxes – it cultivates true competency.

Watch
Infographic

Microlearning

Learn more on how Microlearning delivers bite-sized “nuggets of knowledge,” exactly when and where you need them, boosting retention with quick bursts of focused, engaging content.

Download
Webinar

Navigating Uncertainty: Risk Management in Federal Contracting

Empower yourself with the knowledge and tools needed to navigate the complexities of risk management as part of the federal acquisition process.

Watch

Scroll to view more

chat popup