A study by internal government watchdogs found Defense Department contracts are missing certain provisions for protecting confidential government data, an omission that may leave sensitive files vulnerable to disclosure or misuse by company employees. But the footnotes of the audit indicate that changes to the guidelines are expected this month.
An agency policy intended to supplement the Federal Acquisition Regulations, which are governmentwide procedures for contracting, "does not include the same amount of detail as to how contractors are to safeguard sensitive information" as other agencies' supplemental guidance, Government Accountability Office auditors wrote in a report released on Friday.
Proposed changes to Defense's rules, however, would stipulate that contractors are responsible for securing federal data on corporate systems and for reporting data breaches that compromise government data stored on their networks, according to the report. The proposal, as of now, would not hold contractors accountable for protecting data housed on Defense's systems. A revised version of the draft rule should be released this month, GAO officials said.
Aliya Sternstein
Aliya Sternstein reports on cybersecurity and homeland security systems for Nextgov. She has covered technology for nine years at such publications as National Journal's TechnologyDaily, Federal Computer Week and Forbes. Before joining Government Executive, she covered agriculture and derivatives trading for Congressional Quarterly. She has been a guest commentator on C-SPAN, WTOP and Federal News Radio. She is a graduate of the University of Pennsylvania.
JOIN THE DISCUSSION