
CHIPS Articles: GSA and DoD Announce Acquisition Cybersecurity and Resilience Recommendations

By DoD News - February 11, 2014
The Department of Defense and U.S. General Services Administration (GSA) jointly released a report today, “Improving Cybersecurity and Resilience through Acquisition,” announcing six planned reforms to improve the cybersecurity and resilience of the Federal Acquisition System.

“This report is an important step to improving the cybersecurity of our acquisition processes,” said Undersecretary of Defense for Acquisition, Logistics and Technology, Frank Kendall. “Ensuring we have fully implemented the recommendations of this report will be instrumental in addressing the growing cyber risks we face.”

“The ultimate goal of the recommendations is to strengthen the federal government’s cybersecurity by improving management of the people, processes, and technology affected by the Federal Acquisition System. GSA and DoD will continue to engage stakeholders to develop a repeatable process to address cyber risks in the development, acquisition, sustainment, and disposal lifecycles for all federal procurements,” said GSA Administrator, Dan Tangherlini.

The report provides a path forward to aligning federal cybersecurity risk management and acquisition processes. It provides strategic recommendations for addressing relevant issues, suggests how challenges might be resolved, and identifies important considerations for the implementation of the recommendations.

The six recommended reforms are:

  • Institute baseline cybersecurity requirements as a condition of contract award for appropriate acquisitions.
  • Include cybersecurity in acquisition training.
  • Develop common cybersecurity definitions for federal acquisitions.
  • Institute a federal acquisition cyber risk management strategy.
  • Include a requirement to purchase from original equipment manufacturers, their authorized resellers, or other trusted sources.
  • Increase government accountability for cyber risk management.

The report is one component of the government-wide implementation of Executive Order (E.O.) 13636 and Presidential Policy Directive (PPD) 21, and was prepared by a working group composed of subject matter experts selected from across the Federal government. The report was submitted to the President in accordance with Section 8(e) of E.O. 13636.

DoD and GSA are committed to implementing the recommendations through integration with the numerous ongoing related activities, such as supply chain threat assessments and anti-counterfeiting.

The agencies will use a structured approach with continued dedication to stakeholder engagement, and develop a repeatable process to address cyber risks in the development, acquisition, sustainment, and disposal lifecycles for all Federal procurements. The implementation will also harmonize the recommendations with existing risk management processes under the Federal Information Security Management Act and OMB guidance.

A request for public comment on the draft implementation plan will be published in the Federal Register in February.

For a complete copy of the report please visit: http://www.defense.gov/news/Improving-Cybersecurity-and-Resilience-Through-Acquisition.pdf.

DoD News Release of Jan. 29, 2014.


CHIPS is an official U.S. Navy website sponsored by the Department of the Navy (DON) Chief Information Officer, the Department of Defense Enterprise Software Initiative (ESI) and the DON's ESI Software Product Manager Team at Space and Naval Warfare Systems Center Pacific.

Online ISSN 2154-1779; Print ISSN 1047-9988