New cyber acquisition rule presents compliance challenges for contractors, federal agencies

Government contractors and federal agencies alike will struggle to assess compliance with new “baseline” cybersecurity rules set by the Pentagon and General Services Administration – while the rules also may lead to civilian-agency contractors facing the same kind of cyber incident reporting requirements that defense contractors already face under other requirements, according to industry stakeholders.

A new rule issued last week by GSA and the Defense Department requires all civilian agency and defense contractors to have baseline security controls...