DHS WANTS TO KNOW: ARE YOUR CYBER DEFENSES UP?

The Department of Homeland Security (DHS) will soon use a “cybersecurity readiness” assessment to evaluate whether contractors have appropriate cyber defenses in place prior to making contract awards. That means that contractors of all sizes must have verifiable cybersecurity protections, policies, and practices in place if they want to continue doing business with DHS. The coming requirements should not be a surprise to contractors, as the government overall has increasingly stressed cybersecurity as a key element of being a government supplier.

A November 1st notice signed by both the agency’s Chief Information Security Officer and its executive director of acquisition policy provides more information on the requirement. The notice, on SAM.gov, states, “It is the Department’s intention to ensure that effective and appropriate cybersecurity measures are in place by vendors supporting work where such measures are necessary. This new evaluation factor will enable DHS to evaluate vendors’ cybersecurity posture pre-award for applicable contracts to inform a best value tradeoff award decision.” The SAM.gov notice includes the agency’s planned Cybersecurity Readiness Factor methodology and sample solicitation language.

Contractors will be required to show how their cyber systems meet NIST security protocols for handling Controlled Unclassified Information (CUI). This is similar to, but different from, the requirements being implemented at DOD via that agency’s CMMC initiative, so companies doing business with both agencies may have to develop separate compliance systems. Contractors bidding on DHS work that contains the cyber requirements will be given a grade of “high likelihood”, “likelihood”, or “low likelihood” of cyber readiness status. A lower rating could definitely impact a company’s chance for an award. As such, contractors should carefully review the SAM.gov language and plan to submit comments, which are due to DHS by November 17th.