8. Building Effective Security into Acquisitions

With the continued and growing dependence of the government on commercially provided IT services, what changes are needed to government acquisition policies and practices to ensure that contractors provide adequate security and privacy protections to government data and information?

Assured Visibility, Control, Compliance for Effective Security

The evolution of the cyber attacker’s techniques, skills and tools has far exceeded the pace of the cyber defender’s. Throughout the public and private sector, from federal agencies to health insurance providers, emerging threats continue to wreak havoc on enterprise networks, applications and data. Incident response teams must move faster, but the tools they’ve been given to do the job aren’t fast enough in detecting, ...more »

0 votes
Public Input

Common Criteria Already Covers Acquisition?

It seems as though existing federal acquisition processes like the Common Criteria already have supply chain review requirements that vendors have to meet. However, rather than forcing every vendor through that rigorous a process, could there be a self-assessment form (requiring some simple evidence that could be captured with a cell phone camera) that vendors wishing to sell to the government were required to complete? ...more »

1 vote
Public Input

Faster Cyber R&D Cycles (SuperSIG)

Get R&D activities in cyber being done in government and quasi-government labs (DARPA, DHS S&T, NIST, etc.) placed into acquisition availability faster. Issue challenges to the government and commercial labs to address specific cyber capability needs.

2 votes
Public Input

Recommended Changes Needed in Government Acquisition Process

With the continued and growing dependence of the government on commercially provided IT services, what changes are needed to government acquisition policies and practices to ensure that contractors provide adequate security and privacy protections to government data and information?

2 votes
Public Input

Supported ITAPS recommendations

(Regular print are supported ITAPS recommendations in response to questions, flagged are expanded recommendations to more explicitly address questions, not directly addressed by ITAPS; participated in and collaborated with ITAPS OMB-OPM-NSC Task Force) With the continued and growing dependence of the government on commercially provided IT services, what changes are needed to government acquisition policies and practices ...more »

1 vote
Public Input

Enforce existing requirements

In 2011 the White House via OMB issued Memo M-11-11, which stated "Effective the beginning of FY2012, existing physical and logical access control systems must be upgraded to use PIV credentials, in accordance with NIST guidelines, prior to the agency using development and technology refresh funds to complete other activities." https://www.whitehouse.gov/sites/default/files/omb/memoranda/2011/m11-11.pdf. This memo, had ...more »

5 votes
Public Input

IT Hardware Country of Origin Limits

With the preponderance of IT devices and chipsets being manufactured in China, there is a distinct possibility that the PLA is hard-coding spyware and back-doors in the hardware built there. Acquisition laws need to specifically require that all components & sub-components used in sensitive IT / data communications systems be built / fabricated and assembled by U.S. companies in the US. Further, safeguards (inspections ...more »

8 votes
Public Input

Working with Insurance Industry for Standards

There is a rapid increase in cyber insurance across the commercial landscape. This is getting the C-level attention because the risk and costs are being codified into actual numbers, not just fear of something bad happening. The Federal Government should leverage off this trend and require all Government contractors to have a level of insurance, which will likewise drive a level of accountability and measurement. This ...more »

7 votes
Public Input