Updating gsa advantage sip
[GSAR Case 2016-G511, Information and Information Systems Security, 83 Fed. [GSAR Case 2016-515, Cyber Incident Reporting, 83 F. The final rule will require contracting officers to incorporate applicable GSA requirements within statements of work to ensure compliance with the new rule; demand that contractors implement best practices for preventing cybersecurity incidents; and impose cybersecurity requirements for internal contractor systems, external contractor systems, cloud systems, and mobile systems.
It will also update existing GSAR provision 552.239-70, Information Technology Security Plan and Security Authorization, and GSAR clause 552.239-71, Security Requirements for Unclassified Information Technology Resources, to only require the provision and clause when the contract will involve information or information systems connected to a GSA network. GSA’s New Incident Reporting Requirements Like the existing cybersecurity requirements, the existing cyber incident reporting policy, GSA Order CIO 9297.2, GSA Information Breach Notification Policy, did not previously go through the rulemaking process.
Now, you submit a modification and once that modification is submitted you update your SIP files.
The new process will include updating your GSA Advantage files when you upload the modification itself. For example, if you are submitting a product addition modification or a pricing modification the system will tell you where you stand compared to other vendors with the same product on Contract.
This increased transparency will hopefully speed up the modification process and make small businesses more competitive because there is more information at their fingertips.
So, sounds like the government is making improvements to make vendor's lives a bit easier. However, for all current vendors you will need to go into the system and complete what GSA is calling "base-lining".
We are also offering free base-lining to the first 10 vendors that sign up here: https://government-contract-services.reservio.com/ And of course...
The rule will also outline additional contractor requirements for cyber incidents involving personally identifiable information (PII).
Much like the Safeguarding Covered Defense Information and Cyber Incident Reporting regulation, DFARS 252.204-7012, the new GSAR rule will clarify both GSA and ordering agencies’ authority to access contractor systems in the event of a cyber incident; establish a requirement for the contractor to preserve images of affected systems; ensure contractor employees receive appropriate training for reporting cyber incidents; and outline how contractor attributional/proprietary information provided as part of the cyber incident reporting process will be protected and used. Some Factors GSA Might Consider There are 23 categories and 84 subcategories of Controlled Unclassified Information and it’s hard to argue that any are less deserving of the protections afforded by the National Institute of Standards and Technologies Special Publication 800-171, “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations.” For data security, GSA might consider following the DFARS Safeguarding Rule and require that contractors implement the security practices of SP 800-171 in effect at the time of the solicitation and as updated and authorized by the GSA Contracting Officer.
The Formatted Product Tool was built to make managing your contract easier and to streamline the modification process.
First of all, we can all celebrate the impending death of the Schedule Input Program (SIP)! Also, the new tool will removing a step from the process.