Broad New Data Security Rule Proposed For Federal Contractors

Author: Mr Jonathan Cain
Profession: Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C.
 

A new rule proposed for federal government contractors will require that all federal contracts over $100,000 (including contracts for commercial items and those to small businesses) include a clause requiring the contractor to implement basic data security protections for any non-public data provided to the contractor by the federal government or generated by the contractor for the government. If the rule is adopted, it will require that any such non-public information residing on or passing through a contractor's information system be protected from unauthorized access and disclosure. The Department of Defense, the General Services Administration and the National Aeronautics and Space Administration all recognize that the requirements for federal agencies to provide security for information and information systems that support federal agency operations, as set forth under the Federal Information Security Act of 2002, extend to the information and information systems managed by contractors.

Specific requirements include prohibitions on:

Processing government non-public information on public computers (e.g., kiosks or hotel business centers), on computers that lack access control or through web sites that lack user access controls such as ID/passwords or user certificates;

Transmitting email, text messages or other communications of government non-public information without using encryption and other best practices to provide security and privacy;

Using voice or fax transmittal of government non-public information unless the sender has a "reasonable assurance" that access to the communication is limited to authorized recipients;

Failing to protect government non-public information with both physical and electronic barriers to access;

Failing to...
