GSA Demands Security Plans from IT Companies
By Matthew Weigelt
Federal Computer Week
General Services Administration officials have changed their acquisition regulation to strengthen security requirements for contracts through which they buy IT services and supplies and IT systems.
Under the new final rule, companies have to submit to GSA an IT security plan so GSA can verify the company is keeping the agency’s data and systems from unauthorized use.
The rule sets a 30-day deadline for submitting the plans that describe how the company will properly secure information. It also requires contractors submit written proof of IT security authorization six months after award, and they have to verify that the IT security plan remains valid annually…