Last week, the General Services Administration (“GSA”) issued a Request for Information (“RFI”) soliciting comments from federal contractors on the feasibility of incorporating cybersecurity standards into federal acquisitions rules. 78 Fed. Reg. 27,966 (May 13, 2013). Through the RFI, GSA hopes to obtain diverse stakeholder involvement prior to the implementation of any new cybersecurity framework.
The RFI is part of a joint effort between GSA and the Department of Defense (“DOD”) to help develop a framework for cybersecurity standards pursuant to Section 8(e) of President Obama’s February 13, 2013 Executive Order addressing the improvement of critical infrastructure security (E.O. 13636). Section 8(e) of the Executive Order requires that GSA and DOD, in consultation with the Department of Homeland Security (“DHS”) and the Federal Acquisition Regulation Council, make recommendations to the President on the feasibility, benefits, and relative merits of incorporating cybersecurity standards in the government contracts sphere.
To fulfill this mandate, GSA and DOD have formed a Joint Working Group on Improving Cybersecurity and Resilience through Acquisition, including representatives from DOD, GSA, DHS, the Office of Federal Procurement Policy, and the National Institute of Standards and Technology, to offer guidance and recommendations. GSA is also soliciting information and perspectives from affected contractors through its RFI, which seeks input on 37 separate questions concerning the inclusion of cybersecurity standards in federal acquisitions rules, including questions concerning: (1) the general feasibility of incorporating cybersecurity standards into federal acquisitions; (2) commercial procurement cybersecurity; and (3) the harmonization of federal cybersecurity standards with state, local, national, and international standards.
Comments to the RFI are due by June 12, 2013. Contractors are strongly encouraged to take advantage of the opportunity to participate in the development of these future procurement requirements, as they are likely to significantly alter the costs and feasibility of participating in government contracting and result in new avenues for liability.