As technology continues to evolve and our nation continues to face major threats through cyberattacks, the federal government is pushing for reform and more training as it relates to federal cybersecurity.
Under President Joe Biden’s administration, there’s now a big push to change the way agencies manage national cybersecurity. The White House wants to move away from self-authentication
and move toward more “strict governance,” including continuous monitoring of networks and outcome-focused measurements.
The current federal cybersecurity initiative
also wants to get the federal workforce—particularly program managers and acquisition specialists—more informed about artificial intelligence (AI). That includes the technology’s scientific underpinnings, the benefits and also the potential risks to national security.
What does all this mean to public sector resellers supporting federal contracts? Roger Waldron, president, The Coalition of Government Procurement, shares four ways federal resellers can be prepared.
1. Watch for changes to government contracts.
The new national cybersecurity strategy calls for more communication—particularly regarding incident reporting. You’ll start to see changes to government contracts requiring contractors to report incidents within 72 hours. There will be new contract language driving more transparency, communication, collaboration and timely reporting. Government contractors will need to start thinking about new reporting structures and how they will communicate with the federal government if a cybersecurity incident occurs.
Be aware that there will be more requirements for communication and collaboration going forward. Read your contracts and understand what’s required for cybersecurity—and also how these requirements flow down into your other agreements with suppliers and partners. Make plans to invest in solutions to help you comply. And be prepared to help other companies who will also need help in this area.
2. Prepare for the move toward zero-trust architecture.
Biden’s executive order also pushes agencies toward zero-trust architecture—repeated authentication and vetting within the IT infrastructure, not just at the perimeter. It’s a fundamental change. Users will soon need to re-authenticate themselves throughout their engagement with federal agencies. It’s a whole new approach, unlike in the past when once users got past the perimeter protection, they could go anywhere within the system and into any database.
: Think about how you can help companies adopt that framework. Consider what products and services you can offer to facilitate the transition.
3. Get ready for new standards for software security.
Another big part of the federal cybersecurity reform is software security. Government will be setting new standards for baseline security requirements and industry best practices to develop labeling methodologies. These will dictate how manufacturers inform consumers about the security of their software products, including a bill of materials outlining where the software was developed.
: New software security standards will roll out over time. As rules are made, watch for opportunities to attend webinars and training—including those offered by the Coalition for Government Procurement
. Stay up to date on the latest news, what’s happening with the cybersecurity maturity model certification (CMMC), and how other contract requirements will roll out in the months ahead. Think about how the software bill of materials will impact your prime contract and what you’ll need to do to comply.
4. Continue your due diligence with government transitions to the cloud.
Biden’s comprehensive national cybersecurity initiative will also strengthen the engagement and communication between government and industry as it relates to the government’s ongoing transition to the cloud. An executive order established a federal cybersecurity incident review board that includes a private sector co-chair—again reflecting the need for government and the private sector to work together on cybersecurity issues.
: Take advantage of the ongoing government transition to big cloud providers. If you’re a third-party integrator, be clear on what value you add to the agency’s transition to the cloud, such as technical support for their unique needs, and how you can complement the cloud services being provided.
For more ways we can support your federal cybersecurity needs, reach out to the Ingram Micro public sector team today.