Federal Market Intelligence
for Small Business

May 21 2021    Next issue: Jun 4 2021

Biden issues far-reaching federal cybersecurity Executive Order

Focus is on info sharing, “zero trust,” software supply chain security, cyber incident reviews & logs, & more

      On May 12, President Biden released a multi-faceted executive order aimed at improving the government’s cybersecurity capabilities and response, both for agencies and for federal contractors whose internal IT systems access federal IT systems or who develop software for the government.

      The order has been described by cyber experts as ambitious and potentially effective at curbing cyber incidents such as the SolarWinds hack of government IT systems.

      “I think it's a really ambitious plan. I think it should be effective if implemented properly, which I have confidence in the team, both at my old agency as well as in the National Security Council and elsewhere,” Chris Krebs, the former top cyber official in the Trump Administration, told CBS’ “Face the Nation.”

      The EO is intended to coordinate with existing initiatives, including the Cybersecurity Maturity Model Certification (CMMC), “FedRAMP” and the National Institute of Standards and Technology publications.

      It is expected to have a broad-ranging effect on certain federal contractors.

      “If your contracts require you to access any government systems using your own internal IT systems or if you develop software for or on behalf of the government, this executive order will likely impact you,” attorneys at PilieroMazza PLLC wrote in a May 15 client alert.

      Affected contractors “should be prepared for changes in their contracts, such as requirements for increased transparency and more stringent cybersecurity incident reporting requirements,” PilieroMazza attorneys wrote.

      Here are some of the specific requirements for federal contractors. According to a White House Fact Sheet, the order will:

  • Facilitate information sharing by IT service providers about cybersecurity threats, and also require those providers to share information with the government about breaches of their systems;
  • Implement stronger cybersecurity standards, supporting secure cloud services and zero-trust architecture, along with multifactor authentication and encryption, within deadlines;
  • Improve software supply chain security: The EO establishes baseline security standards for the development of software sold to the government, including transparency standards and making security data publicly available. The order also establishes a public-private process to develop “new and innovative approaches to secure software development and uses the power of Federal procurement to incentivize the market,” the Fact Sheet states. Alongside those developments, a pilot program modeled on “Energy Star” labels will label software based on how well it meets security standards;
  • Establish a Cybersecurity Safety Review Board, co-chaired by government and private sector officials, that meets after significant cyber breaches to analyze and make recommendations;
  • Create a standard framework for federal agencies’ cyber incident response, including a set of definitions and actions for federal agency response to cyber hacks, as well as a template for private sector response;
  • Improve detection of cybersecurity incidents on federal government networks, with a government-wide endpoint detection and response system and improved information sharing of hacks into government systems; and
  • Improve investigative and remediation capabilities with requirements for consistent event logging and review.

More Information:
Executive Order: https://bit.ly/2QqDaG9
EO Fact Sheet: https://bit.ly/3whZdhz
PilieroMazza client alert: https://bit.ly/33O9DJl
Christopher Krebs statement: https://bit.ly/3eSoGYN
Lawfare blog: https://bit.ly/33OmRWL





Copyright © 2021 Business Research Services Inc. All rights reserved.

Set-Aside Alert is published by
Business Research Services, Inc.
PO Box 42674
Washington DC 20015
1-202-285-0931
Fax: 877-516-0818
brspubs@sba8a.com
www.sba8a.com