Federal Acquisition Service U.S. General Services Administration June 3, 2013 Joint Working Group on...

4
Federal Acquisition Service U.S. General Services Administration June 3, 2013 Joint Working Group on Improving Cybersecurity and Resilience through Acquisition

Transcript of Federal Acquisition Service U.S. General Services Administration June 3, 2013 Joint Working Group on...

Page 1: Federal Acquisition Service U.S. General Services Administration June 3, 2013 Joint Working Group on Improving Cybersecurity and Resilience through Acquisition.

Federal Acquisition Service

U.S. General Services Administration

June 3, 2013

Joint Working Group on Improving Cybersecurity and Resilience

through Acquisition

Page 2: Federal Acquisition Service U.S. General Services Administration June 3, 2013 Joint Working Group on Improving Cybersecurity and Resilience through Acquisition.

Executive Order 13636 & Presidential Policy Directive 21

EO Sec 8(e): Within 120 days, joint report on feasibility, security benefits, and merits of incorporating cybersecurity-relevant standards in acquisition planning and contract administration; include actions to harmonize existing procurement rules. GSA-DoD Joint Working Group on Improving Cybersecurity and Resilience through

Acquisition chartered to draft recommendations (June 12, 2013)

PPD-21: DoD, DHS, and GSA to provide or support government-wide contracts for critical infrastructure systems and ensure that such contracts include audit rights for security of critical infrastructure.

To the extent applicable, the recommendations in the report will lay the foundation for establishment or identification of the contracts required by the PPD.

The agencies plan to address PPD-21 requirements after June 12th

2

Page 3: Federal Acquisition Service U.S. General Services Administration June 3, 2013 Joint Working Group on Improving Cybersecurity and Resilience through Acquisition.

Federal Register Notice - Request for Information

Feasibility How can the government increase cyber security in federal acquisitions

while minimizing barriers to entry? Are there specific categories of acquisitions to which federal cyber

security standards should (or should not) apply?

Commercial Practice Is there a widely accepted cyber security risk analysis framework?

Harmonization What are conflicts in rules, standard practices, or terms and conditions

affecting procurement practices related to cyber security and how can the federal government best resolve those conflicts?

3

Page 4: Federal Acquisition Service U.S. General Services Administration June 3, 2013 Joint Working Group on Improving Cybersecurity and Resilience through Acquisition.

DRAFT Recommendations

1. Institute Baseline Cybersecurity Requirements as a Condition of Contract Award.

2. Develop Common Cybersecurity Definitions for Federal Acquisitions.

3. Institute a Federal Acquisition Cyber Risk Management Strategy.

4. Include a Requirement to Purchase from Original Equipment Manufacturers, Their Authorized Resellers, or Other Trusted Sources in Appropriate Overlays.

5. Increase Government Accountability for Cyber Risk Management.

6. Address Cybersecurity in Relevant Training.

4


BDO CYBERSECURITY SPOTLIGHT · The World We Live In – Rethinking Cybersecurity & Embedding Resilience 04 ... companies and rethinking their cyber security strategy. At BDO, we have

BDO CYBERSECURITY SPOTLIGHT · The World We Live In – Rethinking Cybersecurity & Embedding Resilience 04 ... companies and rethinking their cyber security strategy. At BDO, we have

NIST CYBERSECURITY FRAMEWORK IMPLEMENTATION: ENERGY SECTOR ... Cybersecurity... · NIST CYBERSECURITY FRAMEWORK IMPLEMENTATION: ENERGY SECTOR APPROACH ... Security and Resilience

NIST CYBERSECURITY FRAMEWORK IMPLEMENTATION: ENERGY SECTOR ... Cybersecurity... · NIST CYBERSECURITY FRAMEWORK IMPLEMENTATION: ENERGY SECTOR APPROACH ... Security and Resilience

Cybersecurity Policy Roadmap - New York State Office of ... · Cybersecurity Policy Roadmap ... It is the policy of the United States to enhance the security and resilience of the

Cybersecurity Policy Roadmap - New York State Office of ... · Cybersecurity Policy Roadmap ... It is the policy of the United States to enhance the security and resilience of the

Building strong cybersecurity in the European Union · BUILDING THE CAPACITY TO PROTECT The EU works on many fronts to strengthen cybersecurity and cyber resilience. It has an advanced

Building strong cybersecurity in the European Union · BUILDING THE CAPACITY TO PROTECT The EU works on many fronts to strengthen cybersecurity and cyber resilience. It has an advanced

Department of Homeland Security Cyber Resilience Review ... · PDF fileDepartment of Homeland Security Cyber Resilience Review ... Matthew Butkovic Technical Manager - Cybersecurity

Department of Homeland Security Cyber Resilience Review ... · PDF fileDepartment of Homeland Security Cyber Resilience Review ... Matthew Butkovic Technical Manager - Cybersecurity

What is cyber resilience? - web-oup.s3-us-gov-west-1 ... · documentary data, gathering survey responses. Is it cybersecurity or cyber resilience? Cyber security Cyber resilience.

What is cyber resilience? - web-oup.s3-us-gov-west-1 ... · documentary data, gathering survey responses. Is it cybersecurity or cyber resilience? Cyber security Cyber resilience.

Critical Infrastructure Cybersecurity - NIST · Improving Critical Infrastructure Cybersecurity “It is the policy of the United States to enhance the security and resilience of

Critical Infrastructure Cybersecurity - NIST · Improving Critical Infrastructure Cybersecurity “It is the policy of the United States to enhance the security and resilience of

Resilience, Deterrence and Defence: Building strong cybersecurity … · 2018-02-16 · Building EU Resilience to cyber attacks. Reformed ENISA. EU cybersecurity Certification Framework

Resilience, Deterrence and Defence: Building strong cybersecurity … · 2018-02-16 · Building EU Resilience to cyber attacks. Reformed ENISA. EU cybersecurity Certification Framework

CRR: NIST Cybersecurity Framework Crosswalks · The Cyber Resilience Review is based on the Cyber Resilience Evaluation Method and the CERT® Resilience Management Model (CERT-RMM),

CRR: NIST Cybersecurity Framework Crosswalks · The Cyber Resilience Review is based on the Cyber Resilience Evaluation Method and the CERT® Resilience Management Model (CERT-RMM),

Organizational Resilience in Acquisition Integration ...€¦ · acquisition integration, thus answering calls for more research combining different organizational levels (Aguinis

Organizational Resilience in Acquisition Integration ...€¦ · acquisition integration, thus answering calls for more research combining different organizational levels (Aguinis

CYBER RESILIENCE REVIEW (CRR) · Cyber Resilience Review (CRR): NIST Cybersecurity Framework Crosswalks Cyber Resilience Review (CRR) to NIST Cybersecurity Framework (CSF) Crosswalk

CYBER RESILIENCE REVIEW (CRR) · Cyber Resilience Review (CRR): NIST Cybersecurity Framework Crosswalks Cyber Resilience Review (CRR) to NIST Cybersecurity Framework (CSF) Crosswalk

BUILDING AN AGILE CYBERSECURITY OPERATING MODEL FOR A ...€¦ · resilience and align the cybersecurity operating model with the organization’s new digital and IT strategies. BUILDING

BUILDING AN AGILE CYBERSECURITY OPERATING MODEL FOR A ...€¦ · resilience and align the cybersecurity operating model with the organization’s new digital and IT strategies. BUILDING

THE NATURE OF EFFECTIVE DEFENSE - accenture.com · The Nature of Effective Defense: Shifting from Cybersecurity to Cyber Resilience 2 Nowhere is resilience on better display than

THE NATURE OF EFFECTIVE DEFENSE - accenture.com · The Nature of Effective Defense: Shifting from Cybersecurity to Cyber Resilience 2 Nowhere is resilience on better display than

HEALTH SECTOR COORDINATING COUNCIL JOINT CYBERSECURITY ...€¦ · healthcare industry cybersecurity. 2.Increase the security and resilience of medical devices and health IT 3.Develop

HEALTH SECTOR COORDINATING COUNCIL JOINT CYBERSECURITY ...€¦ · healthcare industry cybersecurity. 2.Increase the security and resilience of medical devices and health IT 3.Develop

Cybersecurity: Ensuring awareness and resilience of the ... › sites › default › files › ... · Cybersecurity Ensuring awareness and resilience of the private sector across

Cybersecurity: Ensuring awareness and resilience of the ... › sites › default › files › ... · Cybersecurity Ensuring awareness and resilience of the private sector across

&.&r~&L :JJ52L& · SUBJECT: Improving Cybersecurity and Resilience through Acquisition- Final Report of the Department of Defense and General Services Administration . Section 8(c)

&.&r~&L :JJ52L& · SUBJECT: Improving Cybersecurity and Resilience through Acquisition- Final Report of the Department of Defense and General Services Administration . Section 8(c)

BSI Cybersecurity and Information Resilience · 2019-01-07 · the weakest link in your cybersecurity defence. According to research, 91% of cyber-attacks start with a phishing email.

BSI Cybersecurity and Information Resilience · 2019-01-07 · the weakest link in your cybersecurity defence. According to research, 91% of cyber-attacks start with a phishing email.

Cybersecurity, safety and resilience - Airline … GNSS...Cybersecurity, safety and resilience - Airline perspective Rabat, November, 2017 Presented by Adlen LOUKIL, Ph.D CEO, Resys-consultants

Cybersecurity, safety and resilience - Airline … GNSS...Cybersecurity, safety and resilience - Airline perspective Rabat, November, 2017 Presented by Adlen LOUKIL, Ph.D CEO, Resys-consultants

Department of Defense Installation Energy Resilience and... · Department of Defense Installation Energy Resilience ... Acquisition, Technology and Logistics ... savings/cost avoidance

Department of Defense Installation Energy Resilience and... · Department of Defense Installation Energy Resilience ... Acquisition, Technology and Logistics ... savings/cost avoidance

AiR: Asymmetry in Resilience - Cybersecurity · 2015-09-23 · PNNL-SA-107795. Prepared for the U.S. Department of Energy under Contract DE-AC05-76RL01830 . AiR: Asymmetry in Resilience

AiR: Asymmetry in Resilience - Cybersecurity · 2015-09-23 · PNNL-SA-107795. Prepared for the U.S. Department of Energy under Contract DE-AC05-76RL01830 . AiR: Asymmetry in Resilience