Cyber Hygiene
Note: There have been new actions to this contract opportunity. To view the most recent action, please click here.
General Information
- Contract Opportunity Type: Special Notice (Original)
- Original Published Date: Feb 02, 2022 08:05 pm EST
- Original Response Date: Dec 31, 2022 05:00 am EST
- Inactive Policy: Manual
- Original Inactive Date: Dec 31, 2022
- Initiative:
- None
Classification
- Original Set Aside:
- Product Service Code:
- NAICS Code:
- Place of Performance:
Description
Dear Industry Partners,
In 2015, the Department of Homeland Security (DHS) incorporated Cyber Hygiene clauses into its contracts and agreements to require contractor compliance with certain cyber standards and protections. In light of events in recent years, DHS began a pathfinder effort in Summer of 2021 to advance our process in assessing industry compliance with Cyber Hygiene clause requirements. DHS continues to identify lessons learned and best practices coming out of our early pathfinder work that illustrated the potential adverse impacts to the diverse small industry base supporting many DHS missions. Our end goal remains to have a means of ensuring a contractor has key cybersecurity and cyber hygiene practices in place as a condition for contract award.
Following on from the initial pathfinder assessment analysis, which indicated a need to gather data on a larger vendor population, we have developed a methodology to assess a subset of existing DHS vendors where the HSAR Class Deviation 15-01 is applicable based on statistical means. The assessment of this subset of vendors will take place via information gathered in a vendor self-assessment instrument.
The self-assessment questionnaire will be released in the coming days to a representative population of DHS HQ vendors with the applicable HSAR Class Deviation 15-01 in one or more of their contracts. By releasing this questionnaire to our vendors, we expect to establish a statistically viable assessment of overall cyber hygiene risk across DHS that will guide continued work towards an improved cyber posture and will aid in establishing the focus of future program development, including government-led assessments. This process is again a critical step in our progress towards maturing our Cyber-Supply Chain Risk Management (C-SCRM) program and protecting the Homeland.
We look forward to continuing to collaborate with you on this matter. Thank you for all you do to support our missions and protect the Homeland.
Sincerely,
Eric Hysen
Chief Information Officer
Paul Courtney
Chief Procurement Officer
Attachments/Links
Contact Information
Primary Point of Contact
- OCPO Communications and Industry Liaison
- DHSIndustryLiaison@hq.dhs.gov