Mary-Louise Hoffman
New U.S. Office of Management and Budget guidelines on government information technology cybersecurity would raise the cost of compliance to reporting and auditing rules for contractors, John Slye, an advisory research analyst at Deltek, wrote in a blog post published Friday.
Slye said OMB developed the guide to help federal agencies bolster the security of controlled unclassified information stored in contractor-run computer systems.
He forecasts that costs associated with adhering to the framework would be passed on to agencies through contract rates or would affect operating margins of contractors.
The guidance calls for agencies to require contractor systems to comply with security controls established by the U.S. National Institute of Standards and Technology.
OMB also wants agencies to include a cybersecurity incident reporting provision in contracts and ensure that contractors will give access to their IT systems and facilities.
The framework also offers instructions on how agencies can bolster cyber posture and lower supply chain risk through a due diligence process.
