The Office of Personnel Management plans to require government contractors for employee background investigations processes to report cybersecurity incidents within 30 minutes and allow unannounced system inspections by the agency, Nextgov reported Friday.
Jack Moore writes that a draft request for proposals released in January indicated the added requirements for OPM contractors as the agency continues its work to secure federal personnel records.
The data breaches on OPM systems last year compromised the personal information of 22.1 million federal employees and contractors.
“Due to the ever-evolving nature of cybersecurity threats, the IT security clauses posted in the draft RFP represent recent revisions but do not represent the most up-to-date revisions in progress, which will be finalized and issued with the formal solicitation,” agency spokesman Sam Schumach noted in an email to Nextgov, according to the report.
Also included in the proposed contractor security requirements are data encryption and the use of smart cards to support two-factor authentication to access OPM networks, the report said.