8. Building Effective Security into Acquisitions
IT Hardware Country of Origin Limits
8. Building Effective Security into Acquisitions
Enforce existing requirements
must be upgraded to use PIV credentials, in accordance with NIST guidelines, prior to the agency
using development and technology refresh funds to complete other activities." https://www.whitehouse.gov/sites/default/files/omb/memoranda/2011/m11-11.pdf. This memo, had...
1. Addressing Cyber Fundamentals
Supported ITAPS recommendations, part 4
Organizational procurement programs should have clearly defined and communicated priorities, accompanied by clear direction to procurement agents on the procedures to acquire technology consistent with those priorities, resulting in a consistent, predictable, and agile acquisition approach that will result in more secure technology deployments. For example, the Director of the Office of Management...
8. Building Effective Security into Acquisitions
Supported ITAPS recommendations
With the continued and growing dependence of the government on commercially provided IT services, what changes are needed to government acquisition policies and practices...
2. Business Initiated Vulnerabilities
Create Gov Wide "Security Maven" Program for Gov IT Developers
IT security in government is typically organized as a silo focused on protecting production systems. A government-wide security maven program would help tear down the existing "expertise" and "contractual" barriers...
2. Business Initiated Vulnerabilities
Partner Security Incentive (SuperSIG)
Give a plus in evaluations of companies for primes that incentivize partners to address business-led security.
8. Building Effective Security into Acquisitions
Cyber Insurance Requirements (SuperSIG)
Require federal contractors to have cyber insurance or, alternatively, make it a + evaluation factor in bid assessments.
8. Building Effective Security into Acquisitions
Faster Cyber R&D Cycles (SuperSIG)
Get R&D activities in cyber being done in government and quasi-government labs (DARPA, DHS S&T, NIST, etc.) placed into acquisition availability faster. Issue challenges to the government and commercial labs to address specific cyber capability needs.
8. Building Effective Security into Acquisitions
FedRAMP type Security Requirements (SuperSIG)
Use certifications similar to FedRAMP (standard baseline assessment) for all IT acquisitions, not just for cloud.
8. Building Effective Security into Acquisitions