Earlier this week, the President signed the Intelligence Authorization Act for Fiscal Year 2014 (S.1681 – P.L. 113-126). The bill authorizes appropriations for intelligence and intelligence-related activities across 16 federal agencies in the intelligence community (IC). The IT Alliance for Public Sector (ITAPS) has been monitoring provisions of interest for contractors as it moved through the legislative process and created a summary of provisions of interest in the bill. It’s worth deeper analysis as the important legislation is also often used annually as a vehicle for making changes to the way contractors do business with the IC community.
Provisions of interest address topics ranging from IC employee and contractor employment requirements, electronic surveillance and cyber-defense efforts, global monitoring of foreign militaries, CIA personnel and functions, changes resulting from the Snowden leaks and insider threats and the Navy Yard tragedy and facility access, software licensing, reform of the process for issuing security clearances and contractor security plans.
For the tech sector, one of the most important provisions is a requirement for the chief information officer (CIO) in the office of the Director of National Intelligence (DNI) to conduct an inventory of software licenses every two years and assess how to achieve efficiencies in software procurement and usage.
The bill further requires DNI to establish continuous monitoring capabilities for all cleared employees and contractors, and conduct an assessment on the reliance upon civilian contractors for intelligence analysis. The legislation also requires that contractors have security plans in place consistent with standards for handling classified information, and also requires that contractors with access to classified information have the same insider threat detection capabilities as the IC.
It’s worth noting that cleared intelligence contractors will be required to notify the government of any successful unauthorized penetration of the contractor’s network or information systems and to provide the government with physical and logical access to these systems in order to perform forensic analysis in the event of a breach. This is an expansion of provisions in Sec. 941 of the FY13 National Defense Authorization Act to the IC and covers all new awards, renewals, and extensions of contract options.
Lawmakers also delegated DNI the responsibility for establishing standards for unauthorized systems penetration reporting by contractors; including the method of network penetration, an inventory of compromised data elements, and samples of any malicious software involved. To mitigate the burden of reporting to both DNI and the Department of Defense (DOD), the bill requires the two agencies to work together to establish procedures so a contractor cansubmit a single report to satisfy both DOD requirements and the provisions of the intelligence authorization.
Provisions of importance to all contractors with cleared personnel are the those found in Title V that address some of the persistent challenges faced in the clearance granting process. Congress has asked for updates on reports and requirements first established as part of the 2004 Intelligence Reform and Terrorism Protection Act regarding reciprocity and metrics for approving clearance applications and avoiding a return to backlogs in contractor clearance processing. New provisions regarding a security clearance applicant's social media activity are of critical importance in both the background investigation and eligibility process for cleared personnel.
In sum, the legislation will have real-world ramifications on who will compete in the IC and how they will need to approach this part of the public sector market. ITAPS will continue to monitor these provisions as they move to an implementation phase and solicit our members’feedback, questions and concerns.
About ITAPS. ITAPS, a division of the Information Technology Industry Council (ITI), is an alliance of leading technology companies building and integrating the latest innovative technologies for the public sector market. With a focus on the federal, state, and local levels of government, as well as on educational institutions, ITAPS advocates for improved procurement policies and practices, while identifying business development opportunities and sharing market intelligence with our industry participants. Visit itaps.itic.org to learn more. Follow us on Twitter @ITAlliancePS.