The General Services Administration has started to develop a cybersecurity risk profile for federal agencies to use when they purchase information technology products and services, Federal News Radio reported Friday.
Emile Monette, senior adviser for resilience and cybersecurity at GSA’s Office of Governmentwide Policy, told the station that agencies will work to prioritize risk assessment in acquisitions, Jason Miller writes.
“When you think about having baseline cybersecurity requirements as a condition for contract award for appropriate acquisitions, well, we don’t really know what appropriate acquisitions are until we fully understand the risk posture of those acquisitions,” Monette said in an interview with the station.
Miller reports that GSA held a public meeting on June 5 to hear feedback from IT vendors, big data stakeholders, consultants and other experts on how to form the risk management framework in acquisitions of IT platforms and services.
Monette told the station he expects GSA to have the initial list of risk indicators for IT acquisition processes ready for implementation by fall of this year.