GSA and DoD recommend changes to acquisition process that will strengthen cybersecurity

DOD GSA The General Services Administration (GSA) invites comments from the public to the final report produced by a Joint Working Group on Improving Cybersecurity and Resilience through Acquisition, produced by GSA and the Department of Defense, which included six specific recommendations.

Interested parties have until April 28 to submit their comments.

“Purchasing products and services that have appropriate cybersecurity designed and built in may have a higher up-front cost in some cases, but doing so reduces total cost of ownership by providing risk mitigation and reducing the need to fix vulnerabilities in fielded solutions,” says the working group’s final report.

“Increasingly, the Federal government relies on network connectivity, processing power, data storage, and other information and communications technology (ICT) functions to accomplish its missions,” the report continues. “The networks the government relies on are often acquired and sustained through purchases of commercial ICT products and services.”

The six recommendations included in the report, which was written in response to President Obama’s Executive Order 13636, of Feb. 12, 2013, are as follows:

  • Institute baseline cybersecurity requirements as a condition of contract award for appropriate acquisitions;
  • Address cybersecurity in relevant training;
  • Develop common cybersecurity definitions for federal acquisitions;
  • Institute a federal acquisition cyber risk management strategy;
  • Include a requirement to purchase from Original Equipment Manufacturers (OEMs), their authorized resellers, or other “trusted” sources, whenever available, in appropriate acquisitions;
  • Increase government accountability for cyber risk management.

To see the final report, click here.

Further information is available from Emile Monette, of the GSA, at 703-615-1734 or emile.monette@gsa.gov.