Improving Cybersecurity and Resilience through Acquisition - Final Report of the Department of Defense and General Services Administration

Abstract

This document constitutes the final report of the Department of Defense (DoD) and General Services Administration (GSA) Joint Working Group on Improving Cybersecurity and Resilience through Acquisition. The report is one component of the government-wide implementation of Executive Order (EO) 13636 and Presidential Policy Directive (PPD) 21. It was developed in collaboration with stakeholders from Federal agencies and industry and with the assistance of the Department of Homeland Security's Integrated Task Force. The Working Group also coordinated development of the recommendations closely with the Department of Commerce, National Institute of Standards and Technology's (NIST) development of a framework to reduce cyber risks to critical infrastructure (Cybersecurity Framework), and in parallel to the Departments of Commerce, Treasury, and Homeland Security reports on incentives to promote voluntary adoption of the Cybersecurity Framework. This jointly issued report is the culmination of a four-month process by an interagency working group comprised of topic-knowledgeable individuals selected from the Federal government. One of the major impediments to changing how cybersecurity is addressed in Federal acquisitions is the differing priorities of cyber risk management and the Federal Acquisition System. The Acquisition Workforce is required to fulfill numerous, sometimes conflicting, policy goals through their work, and cybersecurity is but one of several competing priorities in any given acquisition. The importance of cybersecurity to national and economic security dictates the need for a clear prioritization of cyber risk management as both an element of enterprise risk management and as a technical requirement in acquisitions that present cyber risks. The importance of cybersecurity relative to the other priorities in Federal acquisition should be made explicit.

Document Details

Document Type
Technical Report
Publication Date
Nov 01, 2013
Accession Number
ADA594582

Entities

Organizations

  • United States Department of Defense

Tags

Communities of Interest

  • Cyber
  • Engineered Resilient Systems

DTIC Thesaurus Topics

  • Acquisition
  • Commerce
  • Contracts
  • Cybersecurity
  • Department Of Defense
  • Government Procurement
  • Governments
  • Homeland Security
  • National Governments
  • National Security
  • Procurement
  • Resilience
  • Risk
  • Risk Analysis
  • Risk Management
  • Supply Chain
  • United States Government

Readers

  • Cybersecurity.
  • Government and Public Administration Law.
  • Organizational Process Management (OPM).

Technology Areas

  • Cyber