Strengthening the security of federal networks, systems, and data is one of the most important challenges federal agencies face. Therefore, the General Services Administration (GSA) is changing how it provides access to the Department of Homeland Security (DHS)'s cybersecurity program through the Continuous Diagnostics and Mitigation (CDM) program. GSA's newest Schedule 70 Special Item Number (SIN) 132-44, Continuous Diagnostics and Mitigation Tools, is a dynamic approach to strengthening the cybersecurity of government networks and systems. The jointly administered program by DHS and the GSA currently operates under a Blanket Purchase Agreement (BPA) which will expire in August, 2018. The GSA began the BPA-to-GSA transition process by adding the SIN 132-44 to IT Schedule 70.
THE TIME IS NOW.
You may or may not be aware that by submitting a proposal for a GSA Schedule 70 contract with the new GSA Cyber Security SINs (Penetration Testing, Incident Response, Cyber Hunt, and Risk & Vulnerability Assessments) it will take you on average 45 days to be awarded a schedule. In the commercial world this may sound like an ordinary time to award, but since we are dealing with the US Government, this is extremely expedited. The average time-to-award for a GSA Schedule 70 proposal including other SINs under the GSA’s IT Schedule 70 is 4-6 months.
Topics: cyber security
Topics: cyber security
CIA Director John Brennan’s personal @AOL.com email account was hacked into by a high school student and his personal information was exposed on WikiLeaks on October 21, 2015. They published his Social Security numbers, passport numbers, credit card and addresses of his family and associates. In addition, they released emails and documents generated before Brennan’s time in the Obama administration and while it did not contain classified government information, this has triggered great concern within the intelligence community and U.S. Government.
The recent Ashley Madison hack doesn’t just have divorce attorneys and spouses scrambling. Federal, municipal and plenty of private sector employers are all on high alert. And they should be.
We often hear from the public sector that web-based attacks that occur at companies like Adobe, Forbes, Sony, or Anthem are not their problem. Public Sector organizations secure their own networks with the best hardware, detection software, and penetration testing, and have in place stringent rules about passwords and top-notch use policies that ensure they are safe. In every case, the security chain is only as strong as its weakest link.
With the ever growing accessibility of personal devices to organizational networks, identity management has never been of higher importance in both the public and private sector. Organizations’ IT networks contain an endless amount of sensitive data, and without proper authentication protocols, this data is at constant risk of breach. In the commercial space, the retailer Target’s breach in late 2013 was a difficult reminder that not addressing cyber risks on every level of your organization can lead to severe ramifications and security compromises.
The Internet Crime Complaint Center (IC3), which is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C), was designed to expand the reach of law enforcement on the local, state, and federal levels to combat against cyber attacks.