Chapter 8: Cybersecurity and Federal Government Contractors


  1. Federal Information Security Management Act
  2. NIST Information Security Controls for Government Agencies and Contractors
  3. Classified Information Cybersecurity
  4. Covered Defense Information and Controlled Unclassified Information


Federal government contracting is a multi-billion-dollar industry in the United States. Companies provide a wide range of services to the federal government, ranging from information technology to janitorial services to management consulting. To the extent that any of these businesses exchange data with the federal government, they must comply with a wide range of cybersecurity laws and regulations.

In recent years, Congress and federal agencies have intensified their scrutiny of contractors' cybersecurity practices, in the aftermath of contractor Edward Snowden's leak of massive volumes of classified National Security Agency documents and the breach of millions of Americans' security clearance applications with the Office of Personnel Management. This chapter provides a broad overview of the laws and regulations that are most likely to affect the cybersecurity of government contractors.

In short, cybersecurity requirements for government contractors depend on the types of information they handle. All contractors that handle federal government information systems must comply with the recently overhauled Federal Information Security Management Act and the National Institute of Standards ...
