Showing 3 ideas for tag "policy"

8. Building Effective Security into Acquisitions

IT Hardware Country of Origin Limits

Community Member kudos icon + Community member
With the preponderance of IT devices and chipsets being manufactured in China, there is a distinct possibility that the PLA is hard-coding spyware and back-doors in the hardware built there. Acquisition laws need to specifically require that all components & sub-components used in sensitive IT / data communications systems be built / fabricated and assembled by U.S. companies in the US. Further, safeguards (inspections... more »

Voting

8 votes
Public Input

8. Building Effective Security into Acquisitions

Enforce existing requirements

Community Member kudos icon + Community member
In 2011 the White House via OMB issued a Memo M-11-11 that stated "Effective the beginning of FY2012, existing physical and logical access control systems
must be upgraded to use PIV credentials , in accordance with NIST guidelines, prior to the agency
using development and technology refresh funds to complete other activities." https://www.whitehouse.gov/sites/default/files/omb/memoranda/2011/m11-11.pdf. This memo, had... more »

Voting

5 votes
Public Input

8. Building Effective Security into Acquisitions

Supported ITAPS recommendations

Community Member kudos icon + Community member
(Regular print are supported ITAPS recommendations in response to questions, flagged are expanded recommendations to more explicitly address questions, not directly addressed by ITAPS; participated in and collaborated with ITAPS OMB-OPM-NSC Task Force)

With the continued and growing dependence of the government on commercially provided IT services, what changes are needed to government acquisition policies and practices... more »

Voting

1 vote
Public Input