A joint study from the Defense Department and General Services Administration recommends implementing cybersecurity requirements in processes and services of government contractors, Fierce Government IT reported Monday.
David Perera writes the “Improving Cybersecurity and Resilience through Acquisition” report proposes security controls to be integrated into a company’s operations and contracted product or service.
The report is intended to follow a February 2013 executive order calling for measures to further build up cybersecurity for critical infrastructure, Perera adds.
Additionally, DoD and GSA recommends contractors adopt a cross-agency acquisition cyber-risk management strategy and use cyber-risk as a factor in enterprise risk management assessment.
Contractors were also asked to identify trusted sources, original manufacturers or authorized resellers for federal acquisition activities and use metrics that include quality control systems.