
Industry group says OMB cybersecurity guidance too lax

September 14, 2015 (Photo Credit: Win McNamee/Getty Images)

Often, vendor advocates speak out against overly specific regulations that put additional requirements on federal contractors. However, when it comes to cybersecurity, the Professional Services Council believes new guidance from the Office of Management and Budget doesn't go far enough.

In a recent letter to OMB, PSC leadership decried the agency's memo on Improving Cybersecurity Protections in Federal Acquisitions as being too lenient to provide good security and too open-ended to be properly interpreted by agencies and companies vying for federal contracts.


PSC docked the guidance for only offering "generalized statements" on how cybersecurity should be written into contract documents, while also providing "explicit authority for agencies to deviate from it almost at will."

Specifically, the letter cites the section on security controls, which instructs agencies to adhere to standards published by the National Institute of Standards and Technology for managing controlled information on non-federal networks. However, the OMB guidance allows agencies to deviate from those standards as they see fit.

"This is exactly the interpretive, decentralized behavior that has produced the current state of network security vulnerabilities," the letter reads.

The Council suggested OMB either revise the document to provide a "consistent, unified approach for agencies" or pull back the guidance entirely and instead focus on revising standards in the federal acquisition regulation.

