Federal Acquisition Service U.S. General Services Administration June 3, 2013 Joint Working Group on...
Federal Acquisition Service
U.S. General Services Administration
June 3, 2013
Joint Working Group on Improving Cybersecurity and Resilience through Acquisition
Executive Order 13636 & Presidential Policy Directive 21
EO Sec 8(e): Within 120 days, joint report on feasibility, security benefits, and merits of incorporating cybersecurity-relevant standards in acquisition planning and contract administration; include actions to harmonize existing procurement rules.
GSA-DoD Joint Working Group on Improving Cybersecurity and Resilience through Acquisition chartered to draft recommendations (June 12, 2013)
PPD-21: DoD, DHS, and GSA to provide or support government-wide contracts for critical infrastructure systems and ensure that such contracts include audit rights for security of critical infrastructure.
To the extent applicable, the recommendations in the report will lay the foundation for establishment or identification of the contracts required by the PPD.
The agencies plan to address PPD-21 requirements after June 12th
Federal Register Notice - Request for Information
Feasibility
How can the government increase cyber security in federal acquisitions while minimizing barriers to entry?
Are there specific categories of acquisitions to which federal cyber security standards should (or should not) apply?
Commercial Practice
Is there a widely accepted cyber security risk analysis framework?
Harmonization
What are conflicts in rules, standard practices, or terms and conditions affecting procurement practices related to cyber security and how can the federal government best resolve those conflicts?
DRAFT Recommendations
1. Institute Baseline Cybersecurity Requirements as a Condition of Contract Award.
2. Develop Common Cybersecurity Definitions for Federal Acquisitions.
3. Institute a Federal Acquisition Cyber Risk Management Strategy.
4. Include a Requirement to Purchase from Original Equipment Manufacturers, Their Authorized Resellers, or Other Trusted Sources in Appropriate Overlays.
5. Increase Government Accountability for Cyber Risk Management.
6. Address Cybersecurity in Relevant Training.