
National Cyber Security Awareness Month: 3 Steps to Safeguarding Your Contracts


As another government fiscal year comes to a close, agencies are moving to the execution phase.  For contracts that involve cybersecurity elements, acquisition planning and contract administration have become increasingly complex with the recent laws and regulations governing cybersecurity.  With October designated as National Cyber Security Awareness Month, this is a perfect opportunity to review current and new contracts and self-audit existing cybersecurity management practices.

In a panel discussion at the New York Times 2015 DealBook Conference, IBM CEO Ginni Rometty predicted that “Cyber crime is the greatest threat to every company in the world.”  With data breaches such as the U.S. Office of Personnel Management and the recent Equifax hacks, major attacks have become a common occurrence.  Larger-scale breaches gain media attention due to the millions of records that are compromised.  However, “smaller” attacks, such as those involving identity theft, happen every day and can lead to the devastating data leaks that impact a majority of the population.

Contracting professionals are the cybersecurity gatekeepers of the Federal acquisition process.  Cyber criminals know this and are constantly looking for ways to exploit vulnerabilities.  How can contracting professionals safeguard their contracts and do their part to practice good cybersecurity management?  Here are three suggestions.

Step 1:  Compile a Checklist

Contracting professionals are responsible for certifying that cybersecurity requirements have been met and keeping contracts secure.  Focusing on relationships with key individuals in all relevant areas of the organization is one way to contribute to cybersecurity management.  Creating a checklist of questions can serve as an overview as well as a conversation starter for establishing those key relationships.  Questions can include:

  • What kind of data do we store? Process? Transmit?
  • Who has access to the data?
  • What kind of cybersecurity training do we provide to our staff?
  • Do we have a written incident response plan? When and how is it tested?
  • Who is responsible for maintenance of our information systems?

Knowing the answers to these questions better prepares contracting professionals to handle potential cyber threats.

Step 2:  Know Which Rules and Regulations Apply

The axiom “an ounce of prevention is worth a pound of cure” rings true especially during the acquisition planning phase.  For contracts governed by cybersecurity laws and regulations, knowing which ones apply is a crucial step to securing contracts.  Today, there are three main Federal cybersecurity regulations:

There are also key FAR (FAR 52.239-1 and 52.204-21) and DFARS (DFARS 252.204-7012, 252.204-7008, 252.204-7009, and 252.239-7010) clauses that contracting professionals should be aware of, as well as reporting requirements that are associated with certain provisions.  Keeping track of the ever-changing cybersecurity landscape can become a full-time, but necessary, job.

Step 3:  Be Vigilant

Cyber criminals are constantly looking for vulnerabilities and ways to infiltrate systems.  Finding out who the contracting professional is on large-dollar procurements does not require much effort, especially if the solicitation is posted on FedBizOpps.  That could make the individual an easy target.  As gatekeepers of the acquisition process, contracting professionals can do their part by knowing who in their organization is responsible for network security, reporting any suspicious activity, validating all requests for data before providing information, creating complex passwords and keeping them secure, being mindful of what gets posted on social media, and separating business and personal accounts.  Although we’ve heard these practical security tips before, they bear repeating, especially since cyber attacks are on the rise.

Interested in knowing what other steps are needed to safeguard contracts?  Learn effective cybersecurity risk management practices and how to assess cyber risk to ensure compliance throughout the contracting cycle.
