The Department of Defense and the General Services Administration announced six planned reforms to improve the cybersecurity and resilience of the federal acquisition system. The recommendations appear in a jointly issued report, “Improving Cybersecurity and Resilience through Acquisition.”
The recommended reforms are:
- Institute baseline cybersecurity requirements as a condition of contract award for appropriate acquisitions;
- Include cybersecurity in acquisition training;
- Develop common cybersecurity definitions for federal acquisitions;
- Institute a federal acquisition cyber risk management strategy;
- Include a requirement to purchase from original equipment manufacturers, their authorized resellers, or other trusted sources; and
- Increase government accountability for cyber risk management.
The report was submitted to President Obama in accordance with Section 8(e) of Executive Order 13636, “Improving Critical Infrastructure Cybersecurity.” It is one component of the government-wide implementation of EO 13636 and Presidential Policy Directive 21.
According to GSA Administrator Dan Tangherlini, “The ultimate goal of the recommendations is to strengthen the federal government’s cybersecurity by improving management of the people, processes, and technology affected by the Federal Acquisition System. GSA and the Department of Defense will continue to engage stakeholders to develop a repeatable process to address cyber risks in the development, acquisition, sustainment, and disposal lifecycles for all Federal procurements.”
A request for public comment on the draft implementation plan will be published in the Federal Register in February.