[co-author: Tawanna Lee]
On May 12, 2021, President Biden issued the long-expected Executive Order on Improving the Nation’s Cybersecurity (“EO” or “Order”). The EO comes amidst a series of high-profile cyber-attacks on the Nation and its critical infrastructure, Information and Communications Technology (ICT) supply chain providers, and federal contractors, adding a heightened sense of urgency behind its implementation. In the related Fact Sheet the White House notes that “[r]ecent cybersecurity incidents such as SolarWinds, Microsoft Exchange, and the Colonial Pipeline incident are a sobering reminder that U.S. public and private sector entities increasingly face sophisticated malicious cyber activity from both nation-state actors and cyber criminals.”
The Federal Acquisition Regulation (FAR) Council recently issued its long-awaited final rule limiting the ability of civilian agencies to use the Lowest Price Technically Acceptable (LPTA) procurement method. The final FAR rule, which takes effect on February 16, 2021, and largely tracks the language contained in the Defense Federal Acquisition Regulation Supplement (DFARS) final rule from 2019, is codified at FAR 15.101-2.
What is LPTA?
The LPTA method is a competitive negotiation source selection process where the non-price factors of a proposal are evaluated to determine which proposals are technically acceptable, and an award is then made to the technically acceptable offeror with the lowest price.
GSA starts big push toward commercial cloud
The General Services Administration has made clear that it knows what it wants in kicking off the market research phase for what is shaping up as a massive blanket purchase agreement for enterprise cloud services.
A wide range of commercial cloud services will be available on a pay-as-you-go basis via the BPA, including software-as-a-service, platform-as-a-service and infrastructure-as-a-service. The vehicle also will include cloud security requirements and services related to cloud implementation.
All federal, state and local government agencies can have access to the contract. GSA is pushing it as a mechanism for agencies to replace legacy IT services and products, while also leveraging cloud offerings already available through the GSA schedule.
On May 12, 2021, President Biden issued an Executive Order on Improving the Nation’s Cybersecurity following a series of highly publicized cybersecurity incidents during the first four months of his presidency, including the Colonial Pipeline attack, which revealed vulnerabilities within the nation’s infrastructure and information systems. While this is not the first executive order issued to enhance the nation’s cyber defenses, it is the executive order most likely to have an impact and result in a change in light of the White House’s statement that “[r]ecent cybersecurity incidents . . . are a sobering reminder that U.S. public and private sector entities increasingly face sophisticated malicious cyber activity from both nation-state actors and cyber criminals . . . [as well as] insufficient cybersecurity defenses that leave public and private sector entities more vulnerable to incidents.”
In a paradigm shift for cybersecurity, President Biden signed an ambitious Executive Order (the Order) on May 12 to address the increasingly sophisticated threats by malicious cyber actors to the nation’s software supply chains and federal information systems. The Executive Order on Improving the Nation’s Cybersecurity seeks to modernize federal government cybersecurity, improve information sharing between federal agencies and the private sector, and enhance the nation’s resiliency to cyber-attacks. While the Order primarily focuses on concrete steps the federal government must take to adopt cybersecurity best practices, there are several provisions that will also significantly impact government contractors, subcontractors and other private sector entities. These changes come at a critical time for such organizations, especially those that are diligently working to meet Cybersecurity Maturity Model Certification (CMMC) req