Use certifications similar to FedRAMP (standard baseline assessment) for all IT acquisitions, not just for cloud.
Get R&D activities in cyber being done in government and quasi-government labs (DARPA, DHS S&T, NIST, etc.) placed into acquisition availability faster. Issue challenges to the government and commercial labs to address specific cyber capability needs
Require federal contractors to have cyber insurance or, alternatively, make it a + evaluation factor in bid assessments.
With the continued and growing dependence of the government on commercially provided IT services, what changes are needed to government acquisition policies and practices to ensure that contractors provide adequate security and privacy protections to government data and information?
With the continued and growing dependence of the government on commercially provided IT services, what changes are needed to government acquisition policies and practices... more »
must be upgraded to use PIV credentials , in accordance with NIST guidelines, prior to the agency
using development and technology refresh funds to complete other activities." https://www.whitehouse.gov/sites/default/files/omb/memoranda/2011/m11-11.pdf. This memo, had... more »