PattonBoggs.com Government Contracts and Homeland Security Client Alert 1
MAY 16, 2013
This Alert provides only general information and should not be relied upon as legal advice. This Alert may be considered attorney advertising under court and bar rules in certain jurisdictions. For more information, contact your Patton Boggs LLP attorney or the authors listed below.
MARY BETH BOSCO
mbbosco@pattonboggs.com
ABU DHABI · ANCHORAGE · DALLAS · DENVER · DOHA · DUBAI · NEW JERSEY · NEW YORK · RIYADH · WASHINGTON DC
GOVERNMENT CONTRACTS AND HOMELAND SECURITY CLIENT ALERT
GSA SEEKS INDUSTRY COMMENTS ON HOW BEST TO INCORPORATE CYBERSECURITY INTO FEDERAL PROCUREMENT
President Obama’s February 12, 2013 Executive Order (“EO”) titled “Improving Critical Infrastructure Cybersecurity” defined the framework for improving the security of computer networks based on the designation of 16 areas of critical infrastructure. The EO also initiated a process to incorporate cybersecurity standards into federal procurement award and contract administration decisions. EO Section 8(e) instructed the Department of Defense (“DoD”), the General Services Administration (“GSA”), and the Federal Acquisition Regulatory Council (“FAR Council”) to make recommendations on the “feasibility, security benefits, and relative merits of incorporating security standards into acquisition planning and contract administration.” The recommendations must also address steps to harmonize existing procurement regulations related to cybersecurity. The EO gave DoD, GSA and the FAR Council 120 days to accomplish these tasks.
On May 12, 2013, GSA, on behalf of DoD, the Department of Homeland Security, and the FAR Council, published a Request for Information (“RFI”) seeking industry’s input in framing the response to the EO’s directive to incorporate cybersecurity standards into federal procurement decisions. Industry comments are due on June 12, 2013.
The RFI contains a list of 37 questions on which GSA seeks input. The questions fall into three categories. First, GSA is asking industry to comment on the best means to incorporate cybersecurity protections into the procurement process, including which types of contract – cost v. fixed price – and evaluation schemes – best value or low cost technically acceptable – will result in the optimum balance between cost, barriers to entry, and ultimate risk. The second group of questions is designed to elicit information on commercial best practices. For example, one question asks whether accepted risk analysis frameworks exist in various industry sectors for purposes of determining whether cybersecurity should be included as an evaluation factor in a procurement. The final group of questions seeks information as to conflicts in existing laws, policies, practices and contract terms regarding cybersecurity and methods to address the conflicts.
The RFI presents the affected industry with an early opportunity to have real input into, and perhaps shape, the federal government’s efforts to incorporate cybersecurity considerations in solicitation specifications, evaluation factors, and contract performance. The 37 questions are sufficiently wide-ranging so as to offer any stakeholder the chance to place its viewpoint squarely before the government.
GSA’S LIST OF QUESTIONS
Feasibility and Federal Acquisition: In general, DoD and GSA seek input about the feasibility of incorporating cybersecurity standards into federal acquisitions.
For example:
1. What is the most feasible method to incorporate cybersecurity-relevant standards in acquisition planning and contract administration? What are the cost and other resource implications for the federal acquisition system stakeholders?
2. How can the federal acquisition system, given its inherent constraints and the current fiscal realities, best use incentives to increase cybersecurity amongst federal contractors and suppliers at all tiers? How can this be accomplished while minimizing barriers to entry to the federal market?
3. What are the implications of imposing a set of cybersecurity baseline standards and implementing an associated accreditation program?
4. How can cybersecurity be improved using standards in acquisition planning and contract administration?
5. What are the greatest challenges in developing a cross-sector standards based approach to cybersecurity risk analysis and mitigation process for the federal acquisition system?
6. What is the appropriate balance between the effectiveness and feasibility of implementing baseline security requirements for all businesses?
7. How can the government increase cybersecurity in federal acquisitions while minimizing barriers to entry?
8. Are there specific categories of acquisitions to which federal cybersecurity standards should (or should not) apply?
9. Beyond the general duty to protect government information in federal contracts, what greater levels of security should be applied to which categories of federal acquisition or sectors of commerce?
10. How can the federal government change its acquisition practices to ensure the risk owner (typically the end user) makes the critical decisions about that risk throughout the acquisition lifecycle?
11. How do contract type (e.g., firm fixed price, time and materials, cost-plus, etc.) and source selection method (e.g., lowest price technically acceptable, best value, etc.) affect your organization’s cybersecurity risk definition and assessment in federal acquisitions?
12. How would you recommend the government evaluate the risk from companies, products, or services that do not comply with cybersecurity standards?
Commercial Practices: In general, DoD and GSA seek information about commercial procurement practices related to cybersecurity.
For example:
13. To what extent do any commonly used commercial standards fulfill federal requirements for your sector?
14. Is there a widely accepted risk analysis framework that is used within your sector that the federal acquisition community could adapt to help determine which acquisitions should include the requirement to apply cybersecurity standards?
15. Describe your organization’s policies and procedures for governing cybersecurity risk. How does senior management communicate and oversee these policies and procedures? How has this affected your organization’s procurement activities?
16. Does your organization use ‘‘preferred’’ or ‘‘authorized’’ suppliers or resellers to address cybersecurity risk? How are the suppliers identified and utilized?
17. What tools are you using to brief cybersecurity risks in procurement to your organization’s management?
18. What performance metrics and goals do organizations adopt to ensure their ability to manage cybersecurity risk in procurement and maintain the ability to provide essential services?
19. Is your organization a preferred supplier to any customers that require adherence to cybersecurity standards for procurement? What are the requirements to obtain preferred supplier status with this customer?
20. What procedures or assessments does your organization have in place to vet and approve vendors from the perspective of cybersecurity risk?
21. How does your organization handle and address cybersecurity incidents that occur in procurements? Do you aggregate this information for future use? How do you use it?
22. What mechanisms does your organization have in place for the secure exchange of information and data in procurements?
23. Does your organization have a procurement policy for the disposal for hardware and software?
24. How does your organization address new and emerging threats or risks in procurement for private sector commercial transactions? Is this process the same or different when performing a federal contract? Explain.
25. Within your organization’s corporate governance structure, where is cyber risk management located (e.g., CIO, CFO, Risk Executive)?
26. If applicable, does your Corporate Audit/Risk Committee examine retained risks from cyber and implement special controls to mitigate those retained risks?
27. Are losses from cyber risks and breaches treated as a cost of doing business?
28. Does your organization have evidence of a common set of information security standards (e.g., written guidelines, operating manuals, etc.)?
29. Does your organization disclose vulnerabilities in your product/services to your customers as soon as they become known? Why or why not?
30. Does your organization have track-and-trace capabilities and/or the means to establish the provenance of products/services throughout your supply chain?
31. What testing and validation practices does your organization currently use to ensure security and reliability of products it purchases?
Harmonization: In general, DoD and GSA seek information about any conflicts in statutes, regulations, policies, practices, contractual terms and conditions, or acquisition processes affecting federal acquisition requirements related to cybersecurity and how the federal government might address those conflicts.
For example:
32. What cybersecurity requirements that affect procurement in the United States (e.g., local, state, federal, and other) has your organization encountered? What are the conflicts in these requirements, if any? How can any such conflicts best be harmonized or deconflicted?
33. What role, in your organization’s view, should national/international standards organizations play in cybersecurity in federal acquisitions?
34. What cybersecurity requirements that affect your organization’s procurement activities outside of the United States (e.g., local, state, national, and other) has your organization encountered? What are the conflicts in these requirements, if any? How can any such conflicts best be harmonized or deconflicted with current or new requirements in the United States?
35. Are you required by the terms of contracts with federal agencies to comply with unnecessarily duplicative or conflicting cybersecurity requirements? Please provide details.
36. What policies, practices, or other acquisition processes should the federal government change in order to achieve cybersecurity in federal acquisitions?
37. Has your organization recognized competing interests amongst procurement security standards in the private sector? How has your company reconciled these competing or conflicting standards?
Protecting Patient Information - Feds Find Security Lapses in State and Local...
 
American University International Law Review Annual Symposium: Managing the G...
American University International Law Review Annual Symposium: Managing the G...American University International Law Review Annual Symposium: Managing the G...
American University International Law Review Annual Symposium: Managing the G...
 
Reinsurance Newsletter - March 2014
Reinsurance Newsletter - March 2014Reinsurance Newsletter - March 2014
Reinsurance Newsletter - March 2014
 
Social Impact Bonds
Social Impact BondsSocial Impact Bonds
Social Impact Bonds
 
Supreme Court Agrees to Hear Two Cases on Attorneys' Fees in Patent Cases
Supreme Court Agrees to Hear Two Cases on Attorneys' Fees in Patent CasesSupreme Court Agrees to Hear Two Cases on Attorneys' Fees in Patent Cases
Supreme Court Agrees to Hear Two Cases on Attorneys' Fees in Patent Cases
 
FTC Announces Study of "Patent Assertion Entities"
FTC Announces Study of "Patent Assertion Entities"FTC Announces Study of "Patent Assertion Entities"
FTC Announces Study of "Patent Assertion Entities"
 
ALJ Ruling on Heart Attack Reporting Requirements Creates Split of Authority
ALJ Ruling on Heart Attack Reporting Requirements Creates Split of AuthorityALJ Ruling on Heart Attack Reporting Requirements Creates Split of Authority
ALJ Ruling on Heart Attack Reporting Requirements Creates Split of Authority
 
New TCPA Requirements for "Prior Express Written Consent" Effective October 16
New TCPA Requirements for "Prior Express Written Consent" Effective October 16New TCPA Requirements for "Prior Express Written Consent" Effective October 16
New TCPA Requirements for "Prior Express Written Consent" Effective October 16
 
Reinsurance Newsletter ~ September 2013
Reinsurance Newsletter ~ September 2013Reinsurance Newsletter ~ September 2013
Reinsurance Newsletter ~ September 2013
 
The U.S. Chemical Safety Board to OSHA: Get to Work on Combustible Dust
The U.S. Chemical Safety Board to OSHA: Get to Work on Combustible DustThe U.S. Chemical Safety Board to OSHA: Get to Work on Combustible Dust
The U.S. Chemical Safety Board to OSHA: Get to Work on Combustible Dust
 
The Transatlantic Trade and Investment Partnership: The Intersection of the I...
The Transatlantic Trade and Investment Partnership: The Intersection of the I...The Transatlantic Trade and Investment Partnership: The Intersection of the I...
The Transatlantic Trade and Investment Partnership: The Intersection of the I...
 
Capital Thinking ~ July 29, 2013
Capital Thinking ~ July 29, 2013Capital Thinking ~ July 29, 2013
Capital Thinking ~ July 29, 2013
 
Capital Thinking ~ July 22, 2013
Capital Thinking ~ July 22, 2013Capital Thinking ~ July 22, 2013
Capital Thinking ~ July 22, 2013
 
CFTC Cross-Border Guidance Frequently Asked Questions
CFTC Cross-Border Guidance Frequently Asked QuestionsCFTC Cross-Border Guidance Frequently Asked Questions
CFTC Cross-Border Guidance Frequently Asked Questions
 
Australia Elects a New Federal Government
Australia Elects a New Federal GovernmentAustralia Elects a New Federal Government
Australia Elects a New Federal Government
 
"Advance Australia Fair" - The Australian Federal Election 2013
"Advance Australia Fair" - The Australian Federal Election 2013"Advance Australia Fair" - The Australian Federal Election 2013
"Advance Australia Fair" - The Australian Federal Election 2013
 
U.S. Securities and Exchange Commission Proposes New Rule on Pay Disclosure
U.S. Securities and Exchange Commission Proposes New Rule on Pay DisclosureU.S. Securities and Exchange Commission Proposes New Rule on Pay Disclosure
U.S. Securities and Exchange Commission Proposes New Rule on Pay Disclosure
 

Último

FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756dollysharma2066
 
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...rajveerescorts2022
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756dollysharma2066
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116  - With room ServiceCall Girls in Gomti Nagar - 7388211116  - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Servicediscovermytutordmt
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsP&CO
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMRavindra Nath Shukla
 
John Halpern sued for sexual assault.pdf
John Halpern sued for sexual assault.pdfJohn Halpern sued for sexual assault.pdf
John Halpern sued for sexual assault.pdfAmzadHosen3
 
Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis:  Simple Linear Regression Multiple Linear RegressionRegression analysis:  Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRavindra Nath Shukla
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableDipal Arora
 
Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Roland Driesen
 
Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Serviceritikaroy0888
 
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...amitlee9823
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Delhi Call girls
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageMatteo Carbone
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesDipal Arora
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayNZSG
 
Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Roland Driesen
 
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfDr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfAdmir Softic
 
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Lviv Startup Club
 
How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityEric T. Tung
 

Último (20)

FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
 
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116  - With room ServiceCall Girls in Gomti Nagar - 7388211116  - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Service
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and pains
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSM
 
John Halpern sued for sexual assault.pdf
John Halpern sued for sexual assault.pdfJohn Halpern sued for sexual assault.pdf
John Halpern sued for sexual assault.pdf
 
Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis:  Simple Linear Regression Multiple Linear RegressionRegression analysis:  Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear Regression
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
 
Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...
 
Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Service
 
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usage
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 May
 
Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...
 
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfDr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
 
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
 
How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League City
 

GSA Seeks Industry Comments on How Best to Incorporate Cybersecurity into Federal Procurement

PattonBoggs.com Government Contracts and Homeland Security Client Alert
MAY 16, 2013

This Alert provides only general information and should not be relied upon as legal advice. This Alert may be considered attorney advertising under court and bar rules in certain jurisdictions. For more information, contact your Patton Boggs LLP attorney or the authors listed below.

MARY BETH BOSCO
mbbosco@pattonboggs.com

ABU DHABI | ANCHORAGE | DALLAS | DENVER | DOHA | DUBAI | NEW JERSEY | NEW YORK | RIYADH | WASHINGTON DC

GOVERNMENT CONTRACTS AND HOMELAND SECURITY CLIENT ALERT

GSA SEEKS INDUSTRY COMMENTS ON HOW BEST TO INCORPORATE CYBERSECURITY INTO FEDERAL PROCUREMENT

President Obama's February 12, 2013 Executive Order ("EO") titled "Improving Critical Infrastructure Cybersecurity" defined the framework for improving the security of computer networks based on the designation of 16 areas of critical infrastructure. The EO also initiated a process to incorporate cybersecurity standards into federal procurement award and contract administration decisions. EO Section 8(e) instructed the Department of Defense ("DoD"), the General Services Administration ("GSA"), and the Federal Acquisition Regulatory Council ("FAR Council") to make recommendations on the "feasibility, security benefits, and relative merits of incorporating security standards into acquisition planning and contract administration." The recommendations must also address steps to harmonize existing procurement regulations related to cybersecurity. The EO gave DoD, GSA and the FAR Council 120 days to accomplish these tasks.

On May 12, 2013, GSA, on behalf of DoD, the Department of Homeland Security, and the FAR Council, published a Request for Information ("RFI") seeking industry's input in framing the response to the EO's directive to incorporate cybersecurity standards into federal procurement decisions. Industry comments are due on June 12, 2013.

The RFI contains a list of 37 questions on which GSA seeks input. The questions fall into three categories. First, GSA is asking industry to comment on the best means to incorporate cybersecurity protections into the procurement process, including which types of contract (cost v. fixed price) and evaluation schemes (best value or lowest price technically acceptable) will result in the optimum balance between cost, barriers to entry, and ultimate risk. The second group of questions is designed to elicit information on commercial best practices. For example, one question asks whether accepted risk analysis frameworks exist in various industry sectors for purposes of determining whether cybersecurity should be included as an evaluation factor in a procurement. The final group of questions seeks information about conflicts in existing laws, policies, practices and contract terms regarding cybersecurity, and about methods to address those conflicts.

The RFI presents the affected industry with an early opportunity to have real input into, and perhaps shape, the federal government's efforts to incorporate cybersecurity considerations in solicitation specifications, evaluation factors, and contract performance. The 37 questions are wide-ranging enough to offer any stakeholder the chance to place its viewpoint squarely before the government.

GSA'S LIST OF QUESTIONS

Feasibility and Federal Acquisition: In general, DoD and GSA seek input about the feasibility of incorporating cybersecurity standards into federal acquisitions. For example:

1. What is the most feasible method to incorporate cybersecurity-relevant standards in acquisition planning and contract administration? What are the cost and other resource implications for the federal acquisition system stakeholders?
2. How can the federal acquisition system, given its inherent constraints and the current fiscal realities, best use incentives to increase cybersecurity amongst federal contractors and suppliers at all tiers? How can this be accomplished while minimizing barriers to entry to the federal market?
3. What are the implications of imposing a set of cybersecurity baseline standards and implementing an associated accreditation program?
4. How can cybersecurity be improved using standards in acquisition planning and contract administration?
5. What are the greatest challenges in developing a cross-sector, standards-based approach to a cybersecurity risk analysis and mitigation process for the federal acquisition system?
6. What is the appropriate balance between the effectiveness and feasibility of implementing baseline security requirements for all businesses?
7. How can the government increase cybersecurity in federal acquisitions while minimizing barriers to entry?
8. Are there specific categories of acquisitions to which federal cybersecurity standards should (or should not) apply?
9. Beyond the general duty to protect government information in federal contracts, what greater levels of security should be applied to which categories of federal acquisition or sectors of commerce?
10. How can the federal government change its acquisition practices to ensure the risk owner (typically the end user) makes the critical decisions about that risk throughout the acquisition lifecycle?
11. How do contract type (e.g., firm fixed price, time and materials, cost-plus, etc.) and source selection method (e.g., lowest price technically acceptable, best value, etc.) affect your organization's cybersecurity risk definition and assessment in federal acquisitions?
12. How would you recommend the government evaluate the risk from companies, products, or services that do not comply with cybersecurity standards?

Commercial Practices: In general, DoD and GSA seek information about commercial procurement practices related to cybersecurity. For example:

13. To what extent do any commonly used commercial standards fulfill federal requirements for your sector?
14. Is there a widely accepted risk analysis framework that is used within your sector that the federal acquisition community could adapt to help determine which acquisitions should include the requirement to apply cybersecurity standards?
15. Describe your organization's policies and procedures for governing cybersecurity risk. How does senior management communicate and oversee these policies and procedures? How has this affected your organization's procurement activities?
16. Does your organization use "preferred" or "authorized" suppliers or resellers to address cybersecurity risk? How are the suppliers identified and utilized?
17. What tools are you using to brief cybersecurity risks in procurement to your organization's management?
18. What performance metrics and goals do organizations adopt to ensure their ability to manage cybersecurity risk in procurement and maintain the ability to provide essential services?
19. Is your organization a preferred supplier to any customers that require adherence to cybersecurity standards for procurement? What are the requirements to obtain preferred supplier status with this customer?
20. What procedures or assessments does your organization have in place to vet and approve vendors from the perspective of cybersecurity risk?
21. How does your organization handle and address cybersecurity incidents that occur in procurements? Do you aggregate this information for future use? How do you use it?
22. What mechanisms does your organization have in place for the secure exchange of information and data in procurements?
23. Does your organization have a procurement policy for the disposal of hardware and software?
24. How does your organization address new and emerging threats or risks in procurement for private sector commercial transactions? Is this process the same or different when performing a federal contract? Explain.
25. Within your organization's corporate governance structure, where is cyber risk management located (e.g., CIO, CFO, Risk Executive)?
26. If applicable, does your Corporate Audit/Risk Committee examine retained risks from cyber and implement special controls to mitigate those retained risks?
27. Are losses from cyber risks and breaches treated as a cost of doing business?
28. Does your organization have evidence of a common set of information security standards (e.g., written guidelines, operating manuals, etc.)?
29. Does your organization disclose vulnerabilities in your products/services to your customers as soon as they become known? Why or why not?
30. Does your organization have track-and-trace capabilities and/or the means to establish the provenance of products/services throughout your supply chain?
31. What testing and validation practices does your organization currently use to ensure the security and reliability of products it purchases?

Harmonization: In general, DoD and GSA seek information about any conflicts in statutes, regulations, policies, practices, contractual terms and conditions, or acquisition processes affecting federal acquisition requirements related to cybersecurity, and how the federal government might address those conflicts. For example:

32. What cybersecurity requirements that affect procurement in the United States (e.g., local, state, federal, and other) has your organization encountered? What are the conflicts in these requirements, if any? How can any such conflicts best be harmonized or deconflicted?
33. What role, in your organization's view, should national/international standards organizations play in cybersecurity in federal acquisitions?
34. What cybersecurity requirements that affect your organization's procurement activities outside of the United States (e.g., local, state, national, and other) has your organization encountered? What are the conflicts in these requirements, if any? How can any such conflicts best be harmonized or deconflicted with current or new requirements in the United States?
35. Are you required by the terms of contracts with federal agencies to comply with unnecessarily duplicative or conflicting cybersecurity requirements? Please provide details.
36. What policies, practices, or other acquisition processes should the federal government change in order to achieve cybersecurity in federal acquisitions?
37. Has your organization recognized competing interests amongst procurement security standards in the private sector? How has your company reconciled these competing or conflicting standards?