Insights

  • Home
  • Insights
  • GSA Issues New Rule Heightening Contractor Requirements Regarding Information Technology Security

Share

GSA Issues New Rule Heightening Contractor Requirements Regarding Information Technology Security

January 2012 Alert

In an effort to strengthen federal IT security, the U.S. General Services Administration has issued a final rule heightening IT security standards. The new standards apply to all prime contractors and subcontractors that provide the GSA with information technology supplies, services, or systems if the contractor will have physical or electronic access to government information that directly supports the GSA's mission.

Going forward, contractors will have 30 days after award to submit an IT Security Plan that describes the processes and procedures that will be followed to ensure proper security of IT resources and that outlines compliance with federal cybersecurity regulations. In addition, contractors must: (1) provide written proof of IT security authorization six months after award; (2) verify that the IT Security Plan remains valid on an annual basis; and (3) allow the GSA to access contractor and subcontractor facilities, operations, documents, databases, systems, and personnel to the extent required by the GSA.

Contractors who have not already done so will need to familiarize themselves with IT and cybersecurity requirements and applicable federal laws, develop a workable security plan, and create an infrastructure to continually monitor and report compliance with the GSA's requirements. This final rule could significantly affect a substantial number of small contractors and subcontractors—a fact the GSA has acknowledged.

The new rule is indicative of the federal government's general heightened awareness regarding cybersecurity. Federal contractors can expect the implementation of similar requirements across all federal procurements. Thus, contractors may wish to consider implementing or enhancing companywide security plans and should continually monitor further cybersecurity legislation and regulation.

Lawyer Contacts

For further information, please contact your principal Firm representative or one of the lawyers listed below. General email messages may be sent using our "Contact Us" form, which can be found at www.jonesday.com.

Peter F. Garvin III
Washington
+1.202.879.5436
pgarvin@jonesday.com

Grant H. Willis
Washington
+1.202.879.3847
ghwillis@jonesday.com

Jones Day publications should not be construed as legal advice on any specific facts or circumstances. The contents are intended for general information purposes only and may not be quoted or referred to in any other publication or proceeding without the prior written consent of the Firm, to be given or withheld at our discretion. To request reprint permission for any of our publications, please use our "Contact Us" form, which can be found on our web site at www.jonesday.com. The mailing of this publication is not intended to create, and receipt of it does not constitute, an attorney-client relationship. The views set forth herein are the personal views of the authors and do not necessarily reflect those of the Firm.

You May Also Be Interested In

April 2024 Alert

Here We Go Again: U.S. Congress Reintroduces New Comprehensive Federal Privacy Law

April 2024 Alert

FDA Proposes Updated Guidance Concerning Cybersecurity of Medical Devices

April 2024 White Paper

2023 False Claims Act Enforcement in Health Care and Life Sciences, Part II

April 2024 Alert

CISA Releases Proposed Cyber Incident and Ransom Payment Reporting Rules to Implement CIRCIA

Before sending, please note:

Information on www.jonesday.com is for general use and is not legal advice. The mailing of this email is not intended to create, and receipt of it does not constitute, an attorney-client relationship. Anything that you send to anyone at our Firm will not be confidential or privileged unless we have agreed to represent you. If you send this email, you confirm that you have read and understand this notice.