Congress currently is considering various cybersecurity bills. While Congress debates cyber legislation, the executive agencies are adopting regulations governing how government contractors handle contract-related information either residing on or transiting through their computer systems.
As described below, if your company contracts with the General Services Administration (GSA), and has access to government information, you may already be required to have an IT security plan and to be a certified provider. Department of Defense (DOD) contractors should expect even more stringent regulations to be finalized in 2012, which could restrict even a company’s internal access policies and practices.
This memorandum provides an overview of the regulatory scheme imposed on GSA contractors and previews the requirements expected to be implemented by DOD. If requested, we would be happy to provide additional detail on the regulatory requirements.