Cybersecurity services soon will be available under new common provisions of the Multiple Award Schedule (MAS) Program administered by the General Services Administration (GSA). The MAS Program is the primary means to sell commercial products and services to federal agencies.

GSA announced the new provisions this week. In mid-August 2016, GSA issued a draft solicitation and engaged in industry outreach to explain the changes to the current ordering system, in which companies sell such services under a variety of provisions. GSA is now rolling out the new process, which will be available for use in October 2016. These changes will facilitate agency ordering of critical cybersecurity services.
Continue Reading

Back in August 2015, DoD issued an interim rule, which was effective immediately (and was previously discussed on this blog), imposing substantial new requirements on government contractors with respect to reporting information system network penetrations—and providing new cloud computing requirements. Six weeks later, DoD issued a class deviation giving contractors more time to

A few days ago, on August 26, DoD issued new interim rules amending the Defense Federal Acquisition Regulations (DFARS) with respect to “network penetration reporting and contracting for cloud services.” The new rules, which are now effective, revise several broadly applicable definitions applicable to numerous parts of the DFARS, expand the incident reporting requirements applicable to contractors, and impose security requirements applicable to cloud computing. DoD contractors need to understand these important new rules, which are summarized here, so that they can perform necessary compliance planning and make any necessary disclosures.
Continue Reading