Overview

Who should attend:

This course is designed for professionals of all levels with a basic government contract understanding from the following areas:

    • Contract Administrators

    • Contract Managers, Directors

    • IT Professionals with contract oversight

    • Federal, State, Local Government Procurement/Acquisition professionals

    • Non-Profit and Grants professionals

What you will learn:

The federal government is increasing its investment in and reliance on advanced information technology (IT) infrastructures to support its missions across all departments. An effective cybersecurity regime is core to successfully implementing and completing all government programs. Designed for contractors and agencies, our Cybercontracting Workshop delves into the body of regulations governing information management and explores how they guide acquisition planning and administration.

This workshop will help attendees learn how to stay on top of all the requirements and maintain compliance, how to prepare and submit an IT security plan and what comprises a sound information security plan. In addition, attendees will learn how to prepare an RFP with cybersecurity requirements and how to respond to such a proposal.

The four main elements of the program are explained below:

    1. The Basics: A comprehensive overview and update for contract practitioners. Regulatory Overview, the Statutes, Regulations, and Standards. FISMA, Privacy Act, FAR/DFARS, FedRAMP, NIST.


    2. A Synthesis: What contractors and agencies must know and how to keep current. Cybersecurity Regimes and Common Elements Across the Full Spectrum of Agency Requirements and Rules, Classified and Unclassified.


    3. Contracting Implications: A practical examination, explanation, and analysis on how the rules apply. From Acquisition Planning and Source Selection through Bidding, Proposals, Protests and Challenges, Performance, Changes, Claims and Costs, to Contract Completion – the Impact of Cybersecurity Rules and Regulations on Contracting throughout the Contracting Cycle.


    4. Compliance: How Contractors and Agencies can protect themselves and their organizations through informed practices and procedures. How Contractors and Agencies Comply with the Rules and Stay On Top of the Requirements in the Dynamic, Changing World of Cybersecurity Contracting. Audits, Checklists, Risk Assessment models, Incident Reporting, and Remedial Action. IT Security Plans, and the Key Elements of a Sound Information Security Program.

Materials include:

    • Course Manual

Dates/Locations
No upcoming dates/locations at this time
Agenda
Day 1
9:00 AM - 4:00 PM
 
Day 2
9:00 AM - 12:00 PM

A CYBER PANORAMA - MAJOR FACTORS DRIVING CYBERSECURITY

Cyber Threats for the Public & Private Sectors

National Security & Public Safety Threats

Digital Pearl Harbor (e.g., DoD Secretary’s warning)
Critical infrastructure threats

Personal Data & Individual Threats

Half-billion personal records compromised
Major public & private sector data breaches

Intellectual Property & Economic Threats

$1 trillion global losses
Systematic cyber looting (e.g., DNI report)

The Information Technology Kingdom

Federal Sector & Information Security

Federal sector as largest information entity in world
Types of high-value data in federal sector
-- National security
-- Sensitive personal & healthcare data
-- High-value technology & trade secrets

Private Sector & Information Technology

85% of critical infrastructure in private sector
Information technology sector as critical infrastructure
$1 trillion IT sector

Public Policies Competing with Information Security

Information Sharing vs. Security

“Connecting the data” as essential to security
Security risks due to information sharing (e.g., WikiLeaks)

Transparency and Disclosure vs. Security

Federal requirements for transparency & disclosure
-- FOIA
-- eGov Act

Competing federal policies between confidentiality & transparency

Privacy vs. Information Security

Privacy & information security as complementary policies
Security requirements competing against privacy
-- Personnel screening
-- Internet surveillance (e.g., Einstein project)

THE STATUTORY AND REGULATORY FRAMEWORK FOR INFORMATION SECURITY

Basic Federal Information Security Laws & Rules

Federal Information Security Management Act (FISMA)

Fundamental requirements
Applicability to federal agencies & contractors
FISMA interpretation & implementation
-- Executive policy
-- Congressional oversight
-- Judicial interpretation

Federal Acquisition Regulation

Applicability to government contractors
Incorporation of OMB and NIST standards

OMB & NIST Standards

Key OMB guidance
NIST & FIPS standards
Mandatory vs. voluntary standards

Agency Regulations Implementing Cybersecurity

GSA Information Security Regulations
-- Regulatory requirements
-- GSA implementation
-- Sample RFP clauses

DoD Information Assurance Rules

DFARS regulatory requirements
DIACAP security implementation
DoD proposed rules for information assurance
Sample RFP clauses

DHS Information Security

Regulatory requirements
DHS implementation
Sample RFP clauses

DOE Information Security

Regulatory requirements
DOE implementation
Sample RFP clauses

VA Information Security

Regulatory requirements
VA implementation
Sample RFP clauses

HHS Information Security

Regulatory requirements
HHS implementation
Sample RFP clauses

Cloud Computing and Information Security

Executive Policy on Cloud Computing
-- Factors driving cloud computing
-- Implementation & initiatives

FedRAMP Program
-- Purpose
-- Move towards federal uniformity

Cloud Security and Key Issues
-- Security risks & benefits
-- Key security initiatives

Privacy Laws and Information Security

Overview
-- Patchwork privacy laws in U.S.
-- Information security as essential to privacy

Privacy Act
-- Fundamentals of Privacy Act
-- Civil & criminal remedies as factor in security breaches

HIPAA and Healthcare Privacy
-- Fundamentals of HIPAA
-- HIPAA requirements & information security

State Security Breach Laws
-- Overview of state provisions & requirements
-- Duties for security programs & safeguards

SEC Enforcement of Information Security

SEC Guidance on Material Risks & Information Security
-- Expanding the information security net
-- Implications for publicly traded companies

Key Factors for Information Security
-- Security breach incidents & disclosure
-- Internal safeguards & assessment
-- Major cyber risks & reporting

KEY ELEMENTS FOR A SOUND INFORMATION SECURITY PROGRAM

Establishing Security Objectives

Integrity

Confidentiality

Availability

Identifying Security Needs

Requirements Identification

Risk Assessment

Initial risk assessment
Periodic risk assessment

Cost-Effectiveness Assessment

Appropriate Level of Security

Levels of security
Multiple factors in determining security levels

Life-Cycle Security

Implementing a Security Program

Policies and Procedures

FISMA requirements
Other requirements

Security Controls

Management controls
Operational controls
Technical controls

Continuous Monitoring

Configuration management & control processes
Security impact analyses
Assessment of security controls
Security status reporting

Configuration Control

Continuity of Operations

Ensuring Compliance

Training

Periodic Testing and Evaluation

Accountability

Security Incident Detection and Reporting

Remedial Actions


CYBER CONTRACTING

Acquisition Planning & Formation

Cybersecurity as Planning Factor
Specifications & Restrictive Requirements
Uniformity in Federal Acquisitions
Emerging Protest Issues

Contract Performance

Security Programs & Agency Approval
Contractor Access to Federal Networks
Disqualification & Due Process
Past Performance & Security Breach

Liability and Risk Allocation

Government Contractor Defense
Public Law 85-804
SAFETY Act
Cyber Insurance

Cyber War and Contractor Risks

Agency & Contractor Oversight

Congressional Oversight & Initiatives
GAO Oversight
Inspector General Oversight

Experts
  • Jeffery M. Chiow
    Shareholder, RJO
    Mr. Chiow is co-chair of the firm’s Government Contracts Practice Group. He represents clients in litigation and government investigations that usually have some nexus to a government contract. He also provides counsel on business and compliance issues, delivering creative and pragmatic soluti...
  • Robert Metzger

    Mr. Metzger is a Shareholder at the law firm of Rogers Joseph O'Donnell. He is a member of the firm's Government Contracts and Complex Commercial Litigation Practice Groups, and is the head of RJO’s Was...

Accreditation
See Individual Courses For Available Credits
Certificates of Completion are provided to all seminar participants who attend Federal Publications Seminars courses following the event, upon request.
CPE: Continuing Professional Education
Field of Study: Specialized Knowledge
Delivery Method: Group-Live Classroom
Federal Publications Seminars is affiliated with West Professional Development and is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.nasbaregistry.org.
For more information regarding administrative policies such as refunds, cancellations and complaints, please contact Federal Publications Seminars at 888.494.3696.
CPE Hours
This program is eligible for: 13 (CPE) hours of credit
Program Level: Basic
Program Prerequisite: None
Advance Preparation: None
Method: Live-Group
CLP: Continuous Learning Points
Approved for CLP by Defense Acquisition University
Defense Acquisition Workforce members must acquire 80 Continuous Learning Points (CLP) every two years from the date of entry into the acquisition workforce for as long as the member remains in an acquisition position per DoD Instruction 5000.66. We will provide you with documentation of points awarded for completing the event.
CLP Hours
This program is eligible for: 11 (CLP) hours of credit
CLE: Continuing Legal Education
States have widely varying regulations regarding MCLE credit. LegalEdcenter is an approved provider in AL, AK, AR, CA, GA, IL, ME, MO, MS, NC, ND, NE, NH, NJ, NM, NV, NY, OH, OK, PA, RI, SC, TN, TX, UT, VA, VI, VT, WA, WI, and WV. Credit may be applied for in other jurisdictions on request and in accordance with state MCLE rules.
Please note that because some states are changing their policy on CLE reporting, you will need to fill out the request for credit from Federal Publications Seminars within 10 business days, or we may not be able to issue credits for the program.
CLE Hours
This program is eligible for: 11 (60 minutes), (50 minutes)
Travel
No travel information is available at this time
In-House
Bring Federal Publications Seminars to your location! If you would like to offer this course in-house, please contact us.
Schedule Training
Fill out this form and someone from FPS will contact you shortly. You can fill out as much or as little information as you would like. Prefer to talk to us? Call 888.865.9082.
Level
  • 100
    Basic or fundamental subject matter is covered. Courses are geared to general knowledge or can be taken as a refresher.
  • 200
    Specific topics or issues within a topic area are covered. Students should be familiar with terms of art and general concepts concerning the course topic.
  • 300
    Workshops and class discussions cover specific subject matter in-depth, and participation is strongly encouraged. Attendees should have at least 2-3 years' experience in the area of study.
  • 400
    Courses build upon students' knowledge and experience, and cover complex issues within the subject matter. Should have 4-5 years' mastery of subject for in-depth analysis.
  • 500
    Masters-level programs designed for professionals with 5+ years' experience. Courses cover in-depth and technical analysis on specific subjects and updates on current issues.