NIST looking for a Small Cybersecurity Business – Do you qualify?

The National Institute of Standards and Technology (NIST) is looking for a small business to assist with the creation of privacy and cybersecurity standards that will apply to federal agencies. Additionally, NIST hopes to gain assistance with the development and modeling of software and applications for various tools, including the National Vulnerability Database. (Nextgov, March 29, 2021)

The sources sought notice posted on beta.SAM.gov states, “with a new and re-energized national emphasis on information security, the NIST Information Technology Laboratory’s (ITL) Computer Security Division (CSD) is uniquely positioned to ensure that new technology initiatives are selected, deployed, and operated in a manner that does not increase the risk to organizational missions, individuals and the Nation.” (ibid)

“NIST expects the requirements of its mission to expand and anticipates the need for support in meeting these requirements. The support needed to ensure a successful mission ranges from internal programmatic support to technical expertise and research consulting in a wide range of cyber and information security areas.” (ibid)

Do you qualify for the cybersecurity SINs? Give us a call.

Higher federal procurement standards for IT providers – Are you ready?

The White House is spearheading an interagency endeavor concentrating on software development that will determine federal procurement of information technology (IT). In the coming weeks, vendors can expect to see new governmentwide IT security standards. This comes after many tech companies complained that the effort under the Trump administration limited the import of information and communications technology from “foreign adversaries” while leaving the definition of the term “foreign adversary” up to the Commerce Secretary. In addition, the rule as it stands today is broad and raises concerns over due process.

The SolarWinds breach will ultimately raise the bar on vendor security, banning tech from many countries, not just China. It also focuses on vendors and the possibility of vulnerability disclosure policies that encourage reporting weaknesses in their products. Ultimately, vendors providing IT products and services to federal agencies must have the proper level of cybersecurity in place.

Cybersecurity and Infrastructure Security Agency Acting Director Brandon Wales said agencies are working together to ensure consistency in the government’s approach to supply chain security across the Commerce Department rule, an executive order aimed at removing foreign adversaries from the bulk power sector. Wales also said, “the administration is counting on higher federal procurement standards to elevate security across the private sector as well.”

Are your IT products compliant? Give us a call.

CTA and Small Businesses

In January, Congress enacted the 2021 National Defense Authorization Act. It includes amendments to the U.S. Anti-Money Laundering Act, the most noteworthy of which is the Corporate Transparency Act (CTA). (JDSupra, March 22, 2021)

The most significant elements of the CTA to know now:

  • CTA legislation requires “beneficial” business owners to report specific information to the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN). A beneficial owner directly or indirectly controls at least 25 percent of the company. Beneficial owners must report their full name, date of birth, current address, and unique identification number. This information will help prevent the formation of shell companies and money laundering as well as terrorist organization funding.
  • Unless exempt, all privately held businesses in the U.S. are subject to the CTA reporting requirements.
  • CTA becomes effective 1 January 2022. Businesses formed after that time must submit reports within two years. All business changes are required to be reported within one year.
  • Businesses should add beneficial owner information collection into their operations, especially when there are multiple qualifying beneficial owners, as reporting/update deadlines can be cumbersome.
  • Failure to report or update beneficial owner information may result in civil penalties up to $500 per day until the violation is corrected as well as criminal fines up to $10,000 and imprisonment for up to two years. (ibid)

The good news is that business entities have almost a full year to get their CTA reporting controls in place, to meet the 1 January 2022 effective date.

Have some CTA regulation reporting questions? Give us a call.

Security Clearance Due Process Streamlining

The Defense Department is streamlining process procedures for individual security clearances (Defense Systems, January 27, 2021). On 19 January, the Under Secretary of Defense issued a memorandum to “simplify, centralize and unify the established administrative process for unfavorable security clearance eligibility hearings and appeals.” The memo directs DoD unit heads to allow applicants to “cross-examine” those who made negative statements about them and to receive documentation on the administrative due process. However, all unit heads retain the ability to “deny or suspend” access to classified information or Special Access Programs if an individual is found to be “inconsistent with protecting the national security.” (ibid)

“The policy is effective upon DoD General Counsel (GC) certification to USD (I&S) that DOHA has prepared, but no later than September 30, 2022.” (ibid)

Was your application for a security clearance revoked and you are not sure what to do next? Give us a call.