Presentation is loading. Please wait.

Presentation is loading. Please wait.

U.S. General Services Administration Presentation to: Software and Supply Chain Assurance Forum Improving Cybersecurity through Acquisition December 17,

Published byGonzalo Dallis Modified over 9 years ago

Similar presentations

Presentation on theme: "U.S. General Services Administration Presentation to: Software and Supply Chain Assurance Forum Improving Cybersecurity through Acquisition December 17,"— Presentation transcript:

1 U.S. General Services Administration Presentation to: Software and Supply Chain Assurance Forum Improving Cybersecurity through Acquisition December 17, 2013

2 2 Background: We Have a Problem  When the government purchases products or services with inadequate in-built “cybersecurity,” the risks created persist throughout the lifespan of the item purchased. The lasting effect of inadequate cybersecurity in acquired items is part of what makes acquisition reform so important to achieving cybersecurity and resiliency.  Currently, government and contractors use varied and nonstandard practices, which make it difficult to consistently manage and measure acquisition cyber risks across different organizations.  Meanwhile, due to the growing sophistication and complexity of ICT and the global ICT supply chains, federal agency information systems are increasingly at risk of compromise, and agencies need guidance to help manage ICT supply chain risks

3 Executive Order 13616  On February 12, 2013, the President issued Executive Order (EO) 13636 directing Federal agencies to provide stronger protections for cyber-based systems that are critical to our national and economic security. Among other things, the EO required GSA, and DoD to: “… make recommendations to the President, … on the feasibility, security benefits, and relative merits of incorporating security standards into acquisition planning and contract administration”  Collaborative effort between GSA, DoD, OFPP, DHS, and NIST –Over 60 individual stakeholder engagements in four months –Federal Register RFI – 28 comments received (www.regulations.gov) –Report to the POTUS recommending acquisition reforms that will result in improvements to cybersecurity 3

4 Improving Cybersecurity Through Acquisition  Implementing the Recommendations: 1.Baseline cybersecurity requirements for contractors Framework Profile? NIST SP 800-53r4? FIPS? SANS 20? 2.Training for Federal and industry workforces Awareness, technology, products/services, contracting-specific 3.Cybersecurity definitions for contracts Framework? CNSS? NIST SPs? FIPS? 4.Acquisition cybersecurity risk management strategy NIST SP s + Framework Profile + FIPS + + +? 5.High-risk purchases only from “trusted “sources OMs and “Authorized,” (OTTP-S, ISO, AS6496?) + FAR QBLs (9.2) 6.Increased government accountability for cybersecurity risk management Define organizational risk tolerance 4

5 5 What’s Next? Time to Engage! Cyber-Acquisition RFI [ date TBD ] –Include outline of implementation plan and pose questions –Solicit public comment for 45 days –Public meetings / broad stakeholder outreach –Closing to coincide with final Cybersecurity Framework –Provide basis for FAR business case Framework: http://www.nist.gov/itl/cybersecurity-102213.cfm http://www.nist.gov/itl/cybersecurity-102213.cfm DHS Voluntary Program: EO-PPDTaskForce@hq.dhs.gov EO-PPDTaskForce@hq.dhs.gov

6 Contact Information Emile Monette Senior Advisor for Cybersecurity GSA Office of Mission Assurance emile.monette@gsa.gov 6

Download ppt "U.S. General Services Administration Presentation to: Software and Supply Chain Assurance Forum Improving Cybersecurity through Acquisition December 17,"

Similar presentations

Presented by the US Department of Education. More information at

Presented by the US Department of Education. More information at
Tenace FRAMEWORK and NIST Cybersecurity Framework Block IDENTIFY.

Tenace FRAMEWORK and NIST Cybersecurity Framework Block IDENTIFY.
NOTE: To change the image on this slide, select the picture and delete it. Then click the Pictures icon in the placeholde r to insert your own image. Cybersecurity.

NOTE: To change the image on this slide, select the picture and delete it. Then click the Pictures icon in the placeholde r to insert your own image. Cybersecurity.
Federal Risk and Authorization Management Program (FedRAMP) Lisa Carnahan, Computer Scientist National Institute of Standards & Technology Standards Coordination.

Federal Risk and Authorization Management Program (FedRAMP) Lisa Carnahan, Computer Scientist National Institute of Standards & Technology Standards Coordination.
Federal Acquisition Service U.S. General Services Administration Information Technology Government Council ITIGC Quarterly Meeting Policy Update Mark J.

Federal Acquisition Service U.S. General Services Administration Information Technology Government Council ITIGC Quarterly Meeting Policy Update Mark J.
U.S. General Services Administration Presentation to: ITIC Improving Cybersecurity through Acquisition Emile Monette Senior Advisor for Cybersecurity GSA.

U.S. General Services Administration Presentation to: ITIC Improving Cybersecurity through Acquisition Emile Monette Senior Advisor for Cybersecurity GSA.
U.S. General Services Administration Presentation to: ACT-IAC Cybersecurity SIG Improving Cybersecurity through Acquisition Emile Monette Senior Advisor.

U.S. General Services Administration Presentation to: ACT-IAC Cybersecurity SIG Improving Cybersecurity through Acquisition Emile Monette Senior Advisor.
Bill Newhouse Two Government Cybersecurity Initiatives NIST.

Bill Newhouse Two Government Cybersecurity Initiatives NIST.
KDP-1: Integrate supply chain knowledge into secure solutions concepts Evaluate supply chain threats with respect to the set of possible solutions under.

KDP-1: Integrate supply chain knowledge into secure solutions concepts Evaluate supply chain threats with respect to the set of possible solutions under.
National Protection and Programs Directorate Department of Homeland Security The Office of Infrastructure Protection Cybersecurity Brief [Date of presentation]

National Protection and Programs Directorate Department of Homeland Security The Office of Infrastructure Protection Cybersecurity Brief [Date of presentation]
Overview of New Government Protections Against Trafficking in the Federal Supply Chain Mathew Blum, Associate Administrator, Office of Federal Procurement.

Overview of New Government Protections Against Trafficking in the Federal Supply Chain Mathew Blum, Associate Administrator, Office of Federal Procurement.
CHIEF INFORMATION OFFICER DEPARTMENT OF HEALTH AND HUMAN SERVICES OFFICE OF THE U.S. DEPARTMENT OF HEALTH AND HUMAN SERVICES John Teeter Deputy Chief Information.

CHIEF INFORMATION OFFICER DEPARTMENT OF HEALTH AND HUMAN SERVICES OFFICE OF THE U.S. DEPARTMENT OF HEALTH AND HUMAN SERVICES John Teeter Deputy Chief Information.
IT Security Essential Body of Knowledge (EBK): A Competency and Functional Framework for IT Security Workforce Development EDUCAUSE Live! November 14,

IT Security Essential Body of Knowledge (EBK): A Competency and Functional Framework for IT Security Workforce Development EDUCAUSE Live! November 14,
Procurement Transformation State of North Carolina

Procurement Transformation State of North Carolina
Investment Management Concepts Portfolio Management | Segment Architecture March 25, 2009 Adrienne Walker and Kshemendra Paul

Investment Management Concepts Portfolio Management | Segment Architecture March 25, 2009 Adrienne Walker and Kshemendra Paul
Framework for Improving Critical Infrastructure Cybersecurity Overview and Status Executive Order 13636 “Improving Critical Infrastructure Cybersecurity”

Framework for Improving Critical Infrastructure Cybersecurity Overview and Status Executive Order “Improving Critical Infrastructure Cybersecurity”
Complying With The Federal Information Security Act (FISMA)

Complying With The Federal Information Security Act (FISMA)
U.S. General Services Administration Sustainable Procurement with the Government Purchase Card Adam Jones Procurement Analyst Program Analysis Division.

U.S. General Services Administration Sustainable Procurement with the Government Purchase Card Adam Jones Procurement Analyst Program Analysis Division.
BITS Proprietary and Confidential © BITS 2003. Security and Technology Risks: Risk Mitigation Activities of US Financial Institutions John Carlson Senior.

BITS Proprietary and Confidential © BITS Security and Technology Risks: Risk Mitigation Activities of US Financial Institutions John Carlson Senior.
The U. S. National Strategy for Global Supply Chain Security Neema Khatri Office of International Affairs U.S. Department of Homeland Security.

The U. S. National Strategy for Global Supply Chain Security Neema Khatri Office of International Affairs U.S. Department of Homeland Security.

Similar presentations

Ads by Google