DOD and GSA released the above report last week. It is one of the components called for by the President’s cybersecurity Executive Order (EO 13636), issued on February 12, 2013. The report provides recommended baseline cybersecurity requirements aligning Federal cybersecurity risk management and acquisition processes. The goal is for the government not to buy products or services with inadequate built-in cybersecurity. While the report focuses its recommendations on increasing the use of cybersecurity recommendations in Federal acquisitions, it also recommends the following:
* Address cybersecurity when training the federal acquisition workforce
* Use common cybersecurity definitions in federal acquisition regulations
* Increase “government accountability” for cyber risk management
* Institute a Federal Acquisition Cyber Risk Management Strategy
* Include a requirement to purchase from original equipment manufacturers, their authorized resellers, or other “trusted” sources, whenever available, in appropriate acquisitions
DOD and GSA are now expected to develop an implementation plan that may be open to public comment.