USDA Gives $2 Billion to Black and Minority Farmers Following Discriminatory History
August 6, 2024
D.C.’s No. 2 Buildings Official Resigns After Being Caught With Secret Freddie Mac Job
August 11, 2024
By Edward Tuorinsky
Contractors face a 90-day deadline to prove their cybersecurity compliance as awards for the OASIS+ vehicle start to fall and that is a precursor to broader industry-wide requirements, DTS CEO Edward Tuorinsky writes.
All signs point to contractor cybersecurity this fall as OASIS+ contracts are awarded and the Cybersecurity Maturity Model Certification moves toward a final rule.
OASIS+ will set the pace as it is the General Services Administration’s government-wide, multi-agency, multiple-award, indefinite-delivery, indefinite-quantity contract for non-IT services.
The awards started rolling out on July 30, giving awarded contractors 90 days to produce proof of their cybersecurity compliance.
Cybersecurity requirements for OASIS+
Submissions for OASIS+ included a pre-award security evaluation covering 15 safeguards. Filling out those checkboxes was the easy part. By doing so, company leaders attested that their companies were compliant.
Now comes the harder part. Companies must complete another checklist, uploading documentation for each standard of NIST 800-53 (Security and Privacy Controls for Information Systems and Organization) and NIST 800-161 (Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations).
Required documentation
Documenting compliance should not be too taxing for contractors who are well into preparing for a CMMC audit. It’s a cut-and-paste job using their System Security Plan or other “proof” that their systems meet or exceed requirements.
But for companies that have yet to mature their cybersecurity posture, the OASIS+ spreadsheet may prove difficult and costly.
Click here for full story from Next Gov / FCW
