Photo of Michael G. Gruden, CIPP/G

Adding to the Defense Contract Management Agency’s (DCMA) new cybersecurity responsibilities, the Department of Defense (DoD) Under Secretary of Defense for Acquisition and Sustainment (USDAS) recently issued a memorandum titled Strategically Implementing Cybersecurity Contract Clauses that increases DCMA’s role.  The memorandum tasks DCMA with implementing a process to perform company-wide assessments of contractors’ compliance

With even DoD officials acknowledging cyber threats ranging from exfiltrating our top military secrets (“the terabyte of death” per DISA’s Director) to seizing control of SECDEF’s car to sinking Navy vessels with critical infrastructure attacks, both federal agencies and government contractors are in the pressure cooker.  For contractors, bad cybersecurity not only opens the door

In Matter of: First Fin. Assocs., Inc., B-415713, Feb. 16, 2018, the Government Accountability Office (GAO) denied a protest filed by First Financial Associates, Inc. (FFA)  against an award by the Department of Homeland Security, U.S. Secret Service (DHS/USSS) to FEEA Childcare Services, Inc. (FEEA) for the administration of a childcare subsidy program.  FFA alleged that their proposal was not evaluated consistently with the RFP’s evaluation criteria regarding the protection of personally identifiable information (PII) incident reporting requirements.
Continue Reading

The National Institute of Standards and Technology (NIST) recently published a draft special publication titled Systems Security Engineering: Resiliency Considerations for the Engineering of Trustworthy Secure Systems (Volume 2), which provides guidance to professionals responsible for the activities and tasks related to the system life cycle processes in NIST’s flagship publication, NIST Special Publication 800-160