Pentagon Considers Cybersecurity Certification for Its Contractors

In cybersecurity, you’re only as strong as your weakest link. For the Defense Department, the area with the fewest cyber protections are the defense contractors the department works with, particularly the small businesses that don’t have the expertise or resources to build a robust security posture.

The Pentagon put together a task force to assess whether small businesses within the defense industrial base are complying with the cybersecurity framework published by the National Institute of Standards and Technology and provide assistance to companies that need help.

The department issued a new rule last year requiring vendors to show that they are in compliance with NIST standards or have a plan to get there quickly. Those plans were due Jan. 1.

Continue reading:

Memorandum from the Office of the Under Secretary of Defense

SUBJECT: Class Deviation – Limitation on Subcontracting for Small Business

Effective immediately, contracting officers shall follow the procedures provided in this class deviation when issuing solicitations and awarding contracts or rask or delivery orders under FAR part 19 to –

  • Small business concerns;
  • 8(a) Program participants;
  • Historically Underutilized Business Zone (HUBZone) small business concerns;
  • Service- disabled veteran-owned small business (SDVOSB) concerns;
  • Economically disadvantaged women-owned small business (EDWOSB) concerns; and
  • Women-owned small business (WOSB) concerns eligible under the WOSB Program.

The following procedures under the attached deviation clauses implement revisions made by the Small Business Administration to its regulation. These revisions changed and standardized the limitations on subcontracting and the nonmanufacturer rule with which small businesses must comply under Government contracts awarded pursuant to the set-aside or sole source authorities of the Small Business Act. This class deviation updates the limitations on subcontracting and the nonmanufacturer rule for all small businesses in the clauses relating to set-asides and sole source awards under FAR part 19.

Read the complete memo at