Alex Canizares, partner at Perkins Coie, joins Off the Shelf for a discussion of the evolving cybersecurity framework and what it means for government contractors.
Cybersecurity has become a foundational performance requirement for government contractors. In a wide-ranging discussion Canizares first addresses the cybersecurity basics starting with what is controlled unclassified information and moving on to discuss the basics of NIST 800-171, the standard FAR based safeguarding clause, and the DFARS clauses.
He also provides some historical context, discussing the role of Executive Order 14028 (May 2021) and the White House National Cybersecurity Strategy (March 2023).
Canizares highlights the government’s keen focus on cybersecurity compliance, pointing to the Department of Justice’s (DOJ’s) Civil Cyber-Frand Initiative. DOJ’s Civil Cyber-Fraud Initiative brings the Civil False Claims Act (FCA) front and center as an enforcement tool for cybersecurity compliance in government contracts.
Finally Canizares outlines the risks to government contractors and shares best practices for mitigating those risks, and provides his thoughts and analysis of two new proposed FAR rules addressing cybersecurity and reporting:
The cyber incident and information sharing
Standardizing cybersecurity requirements for unclassified federal information.