Defense Cybersecurity: Protecting Controlled Unclassified Information Systems

The Department of Defense (DOD) has reported implementing more than 70 percent of four selected cybersecurity requirements for controlled unclassified information (CUI) systems, based on GAO’s analysis of DOD reports (including a June 2021 report to Congress) and data from DOD’s risk management tools. These selected requirements include (1) categorizing the impact of loss of confidentiality, integrity, and availability of individual systems as low, moderate, or high; (2) implementing specific controls based in part on the level of system impact; and (3) authorizing these systems to operate. As of January 2022, the extent of implementation varied for each of the four requirement areas. For example, implementation ranged from 70 to 79 percent for the cybersecurity maturity model certification program DOD established in 2020, whereas it was over 90 percent for authorization of systems to operate.

The Cyber Incident Reporting for Critical Infrastructure Act of 2022: An Overview

The Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), signed into law by President Biden in March 2022 as part of the Consolidated Appropriations Act of 2022, will require companies operating in critical infrastructure sectors to report covered cyber incidents within 72 hours of the companies’ reasonable belief that a cyber incident has occurred and report ransom payments within 24 hours after a payment is made.

When Agencies Should Settle for Less: Brand Name Bid Protests

U.S. agencies regularly tell prospective contract bidders that they must provide a certain brand name product in their proposals—or that only one supplier has the right item—resulting in some companies claiming to be unfairly excluded from competing.

A recent Government Accountability Office decision upholding a defense agency’s request for hollow pins used in Army helicopters made by Boeing Co. illustrates how agencies get leeway on brand name restrictions.

Bridging the Defense Department’s Valley of Death

NextGov – Decades ago, the federal government and U.S. military led nationwide technology advancements. Today, technology research and development funding is led by private sector companies, with federal agencies and the Defense Department serving as customers. However, accessing, acquiring and employing new technologies spearheaded by startups and innovative technology firms has become increasingly problematic for a host of reasons and for the government broadly, resulting in what’s been termed the “valley of death.”

Introducing BUY.GSA.GOV

For years, the federal acquisition community has been asking for a simpler way to get the information it needs to make smarter purchases while saving taxpayer dollars. With this in mind, a new tool is available: BUY.GSA.GOV.

This buyer experience tool was built using human-centered design to address pain points in the acquisition process. It is the result of a governmentwide effort of user research and usability testing sessions that included federal agencies, vendors, and GSA’s own acquisition professionals.

Key launch features include:

  • Easier Market Research
    • Simplify how you conduct market research, find contract vehicles and vendors, and meet mission requirements or Small Business Administration targets.
  • Documents, Templates, and Pricing Resources
    • Get searchable templates and sample documents that help you plan your acquisition.
  • Interactive Checklist
    • Build your acquisition package with our new easy-to-use interactive checklist with self-help modules.