Keith Nakasone, deputy assistant commissioner for acquisition within the General Services Administration’s office of information technology category, said GSA will continue to integrate cybersecurity requirements into governmentwide acquisition contracts to help ensure the security of sensitive data, FedScoop reported Wednesday.
Nakasone said the security controls will be aligned with the Department of Defense’s Cybersecurity Maturity Model Certification program and the addition of such requirements will not be a “one-and-done type of deal.”
“We know that this is a very complex process that we have to build out within our acquisition solutions, but I think over time, you’ll see some injection, whether it’s from the Federal Acquisition Regulations, from the [National Institute of Standards and Technology] revisions that are up and coming. You’ll start to see some of the things either baked into requirements and or regulations,” Nakasone said Wednesday during the SNG Live panel. “So we definitely see a movement in ensuring that our IT systems are protected.”
GSA added CMMC requirements to the $50B STARS III GWAC that was launched in July for small IT contractors.