What are the Cybersecurity Requirements for Government Contractors?

 Photo by {artist}/{collectionName} / Getty Images

Photo by {artist}/{collectionName} / Getty Images

A Quick Reminder for Government Contractors

Government contractors normally deal with sensitive information while they are doing their job. This makes them at risk of cyber-attacks. This is why the government has taken steps to make sure that companies strengthen their security protocols to guard data. The cybersecurity requirements for federal contracting are stated in the Federal Acquisition Regulation (FAR) and DoD FAR Supplement (DFARS).

FAR Government Contracting Compliance Requirements

The FAR mandates government contractors to comply with fifteen requirements for protecting federal contract information. These are similar to the requirements stated in NIST SP 800-171.

1.    Restrict access of information system to authorized users, and processes or devices acting in behalf of authorized users only.

2.    Restrict access of information systems to transactions and functions in which authorized users are allowed to execute.

3.    Check and limit connections to external information systems.

4.    Limit the information published or processed in information systems that are accessible to the public.

5.    Ensure that information system users, and processes or devices acting on behalf of users are properly identified.

6.    Verify the identities of users, devices and processes prior to giving access to information systems.

7.    Remove or destroy federal contracting information found in information system media prior to disposal or reuse.

8.    Restrict physical access to information systems, operating environment or equipment to authorized persons only.

9.    Monitor physical access and visitor activity to devices and information systems.

10. Monitor, control, and safeguard organizational communications.

11. Create subnetworks for public system components that are separate from internal networks.

12. Identify, correct and report flaws in the information system in a timely manner.

13. Protect the organizational information systems from malicious codes.

14. Ensure that protection mechanisms are updated.

15. Scan the information system periodically. Files that are downloaded or accessed from external sources should be scanned in real-time.

DFARS Government Contracting Compliance Requirements

The DFARS is applicable to prevailing wage contractors that handle “covered defense information”. Those who are covered by this regulation must comply with the NIST SP 800-171 on or before December 31, 2017. External cloud service providers must be approved by the FedRAMP Moderate prior to being used.

Get Government Contracting Tips from ARCHER JORDAN

Aside from cybersecurity requirements, government contractors should also comply with prevailing wage requirements. ARCHER JORDAN is an expert in this field. Consult us today!