must be upgraded to use PIV credentials, in accordance with NIST guidelines, prior to the agency
using development and technology refresh funds to complete other activities." https://www.whitehouse.gov/sites/default/files/omb/memoranda/2011/m11-11.pdf. This memo, had...
Organizational procurement programs should have clearly defined and communicated priorities, accompanied by clear direction to procurement agents on the procedures to acquire technology consistent with those priorities, resulting in a consistent, predictable, and agile acquisition approach that will result in more secure technology deployments. For example, the Director of the Office of Management...
With the continued and growing dependence of the government on commercially provided IT services, what changes are needed to government acquisition policies and practices...
IT security in government is typically organized as a silo focused on protecting production systems. A government-wide security maven program would help tear down the existing "expertise" and "contractual" barriers...
Give a plus in evaluations of companies for primes that incentivize partners to address business-led security.
Require federal contractors to have cyber insurance or, alternatively, make it a + evaluation factor in bid assessments.
Get R&D activities in cyber being done in government and quasi-government labs (DARPA, DHS S&T, NIST, etc.) placed into acquisition availability faster. Issue challenges to the government and commercial labs to address specific cyber capability needs.
Use certifications similar to FedRAMP (standard baseline assessment) for all IT acquisitions, not just for cloud.