November 1, 2015
Officials: Be specific about cybersecurity during acquisition
Cybersecurity is serious business – vendors must know as precisely as possible what the customer wants.
Source: Federal Times, Aaron Boyd, October 21, 2015
The administration has been pushing agencies to include more cybersecurity language in contracts, specifically in citing control standards like those advanced by the National Institute of Standards and Technology. Some officials don’t think those standards are enough and are encouraging agencies to get specific with vendors when writing cybersecurity requirements.
“In software assurance or as a computer scientist you say it’s all about the code,” Kris Britton, director of NSA’s Center for Assured Software, said during a panel discussion hosted by the Consortium for IT Software Quality (CISQ) on Oct. 13. “Ultimately it is. But it all begins — at least in government — back at the acquisition process”.
“As more products and services are being managed by third parties, much of the cybersecurity responsibility is falling on the vendors,” Britton said, particularly for delivering resilient code. “In order for those vendors to be successful, they have to understand exactly what is expected of them,” he said.
What does this news mean for your business? Contact your nearest PTAC to discuss the best government contracting strategy for you.
For help with Government Contracting: contact your nearest Procurement Technical Assistance Center (PTAC). Funded through Cooperative Agreements between the U.S. Department of Defense and state and local governments/institutions, PTACs provide free and low-cost assistance in virtually all areas of government contracting.