GSA, DOD acquisition reform plan puts spotlight cybersecurity

The General Services Administration and the Defense Department have named six planned reforms to improve cybersecurity in acquisitions in a report sent to President Obama.

The report, Improving Cybersecurity and Resilience through Acquisition, has recommendations for addressing issues, suggests solutions to challenges, and identies important considerations on how the reforms should be implemented.

The reforms are as follow:

• Institute baseline cybersecurity requirements as a condition of contract award for appropriate acquisitions
• Include cybersecurity in acquisition training
• Develop common cybersecurity definitions for federal acquisitions
• Institute a federal acquisition cyber risk management strategy
• Include a requirement to purchase from original equipment manufacturers, their authorized resellers, or other trusted sources
• Increase government accountability for cyber risk management

The implementation of these reforms will be mindful of existing risk management processes under the Federal Information Security Act and Office of Management and Budget guidance, the report said.