From the organization responsible for probably one of the worst intelligence breaches in recent history, the Office of Personnel Management (OPM), come draft guidelines and forthcoming cyber security compliance requirements for contractors they do business with. I’ll just leave that here for you all to ponder a bit.
I am sure they mean well, but it is just not good timing on OPM’s part. They are using GitHub to host and receive feedback on the draft (click Edit Guidance on this page) so they got that goin’ for them, which is nice. Comments are open through September 10.
via SC Magazine
The Office of Management and Budget (OMB) proposed new cybersecurity guidelines earlier this week to help government agencies draft contracts with third-party groups.
Its suggestions, titled “Improving Cybersecurity Protection in Federal Acquisitions,” aim to “take major steps toward implementing strengthened cybersecurity protections in federal acquisitions and therefore mitigating the risk of potential incidents in the future,” OMB wrote. The policy will apply to “information collected or maintained by or on behalf of an agency,” the draft stated.
The agency based many of its guidelines around those of the National Institute of Standards and Technology (NIST). In particular, portions of OMB’s proposal mirror NIST’s June release, “Security and Privacy Controls for Federal Information Systems and Organizations” (NIST SP 800-53).
Today’s post pic is from WikiMedia.org. See ya!