The General Services Administration (GSA) has issued a proposal for new guidelines on data breaches disclosure that government contractors must follow and give the government access to their system in the event of a breach.
The GSA proposal will amend the General Services Administration Acquisition Regulation (GSAR) requiring contractors to report any cyber incidents that could potentially affect the GSA. The change would establish a timeframe for reporting if the confidentiality, integrity, or availability of information or information systems owned or managed by or on behalf of the U.S. Government is potentially compromised.
“By incorporating cyber incident reporting requirements into the GSAR, the GSAR will provide centralized guidance to ensure consistent application of cybersecurity principles across the organization,” the GSA stated.