CONTRACTING DOCS: OPM SEEKS TO TIGHTEN IT SECURITY OF BACKGROUND INVESTIGATION COMPANIES

Source: Jack Moore, NextGov, February 5, 2016

Contractors that conduct background investigations for the federal government will have to report information security incidents to the Office of Personnel Management within half an hour, are required to use smartcards as a second layer of security when logging on to agency networks and must agree to let OPM inspect their systems at any time. Those are new requirements OPM has written into draft contracting documents released last month that govern how the personal, often sensitive, information gleaned during background investigations should be stored on contractors’ computer systems. … The security of OPM systems — and of the system of private companies whose employees do most of the legwork in conducting background investigations — came under scrutiny last summer when it was revealed hackers breached computer systems belonging to both OPM and its two major contractors. The hackers, purportedly Chinese cyberspies, were presumably on the hunt for information on the U.S. national security workforce.