In mid-January, the General Services Administration (GSA) released their Semiannual Regulation Agenda. Within this agenda, GSA announced plans to update requirements in the General Services Administration Acquisition Regulation (GSAR)—concerning reporting cyber incidents that potentially affect GSA or its contractors.
The agency will be turning to the Federal Information Security Modernization Act of 2014 (FISMA), along with other cyber regulations, as a model on how to update its policies. These updates would be improvements to the existing cyber incident reporting policy within GSA Order CIO 9297.2—i.e. GSA Information Notification Policy. By integrating these updated policies into the GSAR, contracting officers would be required to include cyber incident reporting requirements within all of their procurement contracts. Continue Reading General Services Administration Announces Plans to Update Cybersecurity Requirements for Contractors