NIST Unveils ‘Framework Meets FISMA’ Cyber Best Practices

The government’s cyber standards agency released draft guidance Friday outlining cybersecurity best practices for federal agencies.

The long-planned initiative came just one day after President Donald Trump issued an executive order mandating that federal agencies implement a cybersecurity framework developed by that agency, the National Institute of Standards and Technology, or face consequences.

Friday’s guidance from NIST essentially outlines how agencies can incorporate that cybersecurity framework into their existing security requirements. NIST officials have referred colloquially to the document as “framework meets FISMA,” a reference to the Federal Information Security Management Act, the government’s main cyber compliance law.

Rules around buying of commercial items remains hot button issue for DoD, Congress

Two interesting items to keep an eye out on Capitol Hill. First, Rep. Mac Thornberry (R-Texas), the chairman of the Armed Services Committee, is expected to issue the first draft of his acquisition reform bill this week.

Details about the proposals in this annual Defense authorization legislation are still being closely held, but Thornberry told the press in late April that the bill will try to address several procurement areas that the committee hasn’t spent a lot of time on in recent years.

Industry sources say one of those areas is the buying of commercial items. The sources say Thornberry’s staff has been active in talking to DoD and industry about what’s needed to improve the military’s access to commercial items.

Navigating Defense Department Cyber Rules

Defense contractors by Dec. 31 are expected to provide “adequate security” to protect “covered defense information” using cyber safeguards.

This obligation arises from a Defense Acquisition Regulation System Supplement clause, “Network Penetration Reporting and Contracting For Cloud Services,” that was finalized last October and described in the National Institute of Standards and Technology (NIST) Special Publication 800-171. Thousands of companies that sell directly to the Defense Department, and thousands more that sell to its suppliers, are, or will be, subject to the rule.

The Pentagon is well-justified to seek improved cyber protection of sensitive but unclassified technical information. Hackers have exploited network vulnerabilities in the defense supply chain for the unauthorized exfiltration of valuable and sensitive defense information. Senior defense officials have expressed alarm at this persistent and pervasive economic espionage. 

GSA starts translating Trump’s priorities into acquisition policy

The General Services Administration is going to have its hands full this summer as it works toward translating President Donald Trump’s contracting priorities into policy.

Jack St. John, GSA’s chief of staff, outlined a few of these priorities for a crowd of contractors at the May 11 Coalition for Government Procurement’s Spring Conference in Falls Church, Virginia.

“We are in the process of making changes, one of which is switching the [Transactional Data Reporting] requirement from a mandatory to a voluntary process. We’re going to reexamine the burdens and benefits of TDR,” he said.

The power of the DATA Act begins to emerge

On a recent May day at Booz Allen Hamilton’s Innovation Center in Washington, D.C., about 50 creative minds opened their laptops in a street-level conference room lined with windows and dry-erase walls, and dove into 100,000 federal spending reports.

About 30 hours later, the industry IT experts took the center’s stage to present their work during the first ever DATA Act Hackathon — an early opportunity to explore the standardized spending information at the heart of the Digital Accountability and Transparency Act.

Treasury upgrades USASpending.Gov as agencies submit data

In an effort to increase government transparency, the Department of the Treasury has made the expanded USASpending.Gov database available to the public.  The project marks the culmination of a three-year initiative to increase government transparency mandated under the Digital Accountability and Transparency Act of 2014.

The Data Act mandates that agency CFOs submit federal spending information in a standardized, machine-readable format to by May 9.  The delivery of the agency spending data is only to be a starting point for increasing financial transparency.

The new site tracks agency appropriations and expenditures, including contracts, grants, loans, and employee salaries. It breaks the federal budget into 19 categories called budget functions, and links relevant agency expenditure data with awards distributed by the government.

Exclusive: HASC Chairman Thornberry Talks Acquisition Reform, Budget Issues and Prospects for Base Closures

Since picking up the gavel as the chairman of the House Armed Services Committee at the beginning of the 114th Congress in 2015, Rep. Mac Thornberry has made acquisition reform at the Defense Department a top priority.

That year, the Republican who hails from Texas’ 13th district made his first effort to tackle a system — which many say is too slow and cumbersome — when he introduced the Acquisition Agility Act. Many provisions in the legislation made it into the National Defense Authorization Act of 2017, which was signed into law at the end of 2016.

Welcome to the DOD SBIR/STTR Small Business Portal

The DOD SBIR 17.2 and STTR 17.B Broad Agency Announcement (BAA) topics are now in pre-release! You can now view topics, ask questions through the SITIS Q&A system, and contact topic authors directly (contact information is listed with the topic).

This BAA will officially open for proposal submission on May 23!

Need assistance? Call the Help Desk on M-F between 9:00 a.m. – 6:00 p.m. ET at 1-800-348-0787 or email You can also visit the FAQs sections to learn more.

House Panel Passes Bill Requiring Federal Cyber Guidance for Small Businesses

The House Science Committee easily passed legislation Tuesday directing the government’s cybersecurity standards agency to provide more guidance and other resources to small businesses.

The NIST Small Business Cybersecurity Act directs the National Institute of Standards and Technology to provide voluntary resources to companies that vary with the size of the business and are technology neutral.

The resources should also help small companies promote a strong cybersecurity culture and manage relationships with vendors and customers with an eye toward securing information, according to the bill.
