8. Building Effective Security into Acquisitions
With the continued and growing dependence of the government on commercially provided IT services, what changes are needed to government acquisition policies and practices to ensure that contractors provide adequate security and privacy protections to government data and information?
must be upgraded to use PIV credentials, in accordance with NIST guidelines, prior to the agency using development and technology refresh funds to complete other activities." https://www.whitehouse.gov/sites/default/files/omb/memoranda/2011/m11-11.pdf. This memo, had...
Require federal contractors to have cyber insurance or, alternatively, make it a + evaluation factor in bid assessments.
Get R&D activities in cyber being done in government and quasi-government labs (DARPA, DHS S&T, NIST, etc.) placed into acquisition availability faster. Issue challenges to the government and commercial labs to address specific cyber capability needs
Use certifications similar to FedRAMP (standard baseline assessment) for all IT acquisitions, not just for cloud.