New Cybersecurity Executive Order Imposes Additional Requirements on Government Contractors

Website Provided by

Government contracts are complicated when certain procedures must be included alongside the regulatory hurdles that must be passed after the contract has been won. Cyber terrorism and electronic complications through hackers and attacks in the digital world have increased since the computer age began, and new cybersecurity measures are being imposed for contractors.

Part of cybersecurity is ensuring the right hardware and software programs are working together and have been purchased and implemented in the security protocols to protect data, user information and the internal electronic systems. This requires the network admin to run purchases through management and provide the specifics that are necessary to stay in line with new orders, the Executive orders from the government and those preventative measures the company has implemented. Once the network admin has secured funding and explained what is needed, he or she may setup the computer and software systems. Another measure may involve hiring someone from an external source to probe the network for weaknesses and plug any leaks that are discovered.

When the company has a government contract, new requirements are imposed by the agency on the business. To protect confidential data, government files and personal information, the network admin may work alongside someone from the government agency that has experience in the legal aspects and orders from the White House. This usually includes additional hardware and multiple layers of security protocols beyond what is normally applied. Someone similar to a hacker may be hired at some point to perform the same tests against the network looking for weaknesses and any spots that additional security is necessary. This also imposes a greater cost which could be double or more than standard for the company.

Digital Dangers

From the start of the 2000s, the digital world has evolved to incorporate more networking, internet access, increased need for security and a wide range of electronic devices for use and to secure access. Through these progressions in technology through science, protecting the network and internal systems of a company has become difficult. There are foreign governments attempting to hack into United States government and state secrets, attempts to steal personal information and theft of data to use overseas for various purposes. The need to increase security for government contracts is essential, and without taking additional measures, breaches may occur.

The defense against security breaches and compromising leaks is complicated and may require stricter measures. The federal government has implemented new procedures that require newer or more secure networks and internal systems when the government or an agency of the government has become involved with a company. This may include biometrics where the fingerprint or eye scan is necessary, second security protocols with passwords and then a rotating pin or similar measures. Some materials may only be accessible through internal systems with no connection to the outside. This may also affect who has access and when based on different security measures.

New Requirements Implemented

In order to protect privacy, maintain public safety of users, economic and national security as well as increase awareness of cybersecurity, two related plans were part of the Executive Orders in February of 2016. The Federal Acquisition Regulation was added to with a subsection and contractual clause to implement basic protections for information when processing, storing and transmitting data for federal contract specifics. Fifteen basic security controls were included in these matters. Cross-agency practices, procedures and processes were established along with safeguards regarding controlling, destroying and disseminating Controlled Unclassified Information with government contracts and companies hired for these purposes.

Mandatory cyber incident reporting was issued by the Department of Defense to encourage a greater participation in cybersecurity with sharing and informing those involved of protocol. The primary reason these procedures are necessary is to ensure defense information from the federal government is protected. Additional measures were added to qualify or disqualify contractors when the DoD has sufficient information that violations of export control occurred. Cyber incidents must be reported. Increase in security is necessary for processing information, storing data and when these operations are transmitted online or through networks. Controls over these actions could disqualify a company from a government contract.

Legal Assistance with Cybersecurity in Government Contracts

Due to law changes that occur constantly, it is imperative to hire a lawyer to understand these changes and ensure they are implemented in the business. Increases for protection with cybersecurity are crucial for obtaining a government contract, and a lawyer may explain the updates.


Disclaimer: While every effort has been made to ensure the accuracy of this publication, it is not intended to provide legal advice as individual situations will differ and should be discussed with an expert and/or lawyer.

Find a Lawyer

Find a Local Lawyer