The General Services Administration will require vendors to provide information technology security plans detailing how they are meeting federal cyber regulations under a new rule published Friday.
GSA said that the changes will apply to IT contracts awarded after Jan. 6, 2012, and that contractors must submit their IT security plans within 30 days of the contract award.
The plan should detail the processes and procedures the contractor will follow for “appropriate security of IT resources… used under the contract.”
GSA said it will use this information to verify that IT data and systems are effectively secured from unauthorized users. GSA will also inspect prime contractors’ and subcontractors’ facilities and IT systems.
Both prime and subcontractors will submit written proof of IT security authorization six months after the award in order to verify the validity of their security plan. The required plans and proposals will be included in IT contract solicitations.