The Government Accountability Office (GAO) has released a report stating that the Department of Defense (DOD) must issue guidance on how to incorporate cybersecurity requirements for weapon systems into contracts.
GAO said Thursday that while the service branches developed guidance and policy documents for cybersecurity in weapons technologies, such guidance must also address the implementation of cybersecurity requirements in acquisition programs.
The DOD also needs to incorporate verification procedures and acceptance criteria into contracts, the report states.
“Specifically, cybersecurity requirements should be defined in acquisition program contracts, and criteria should be established for accepting or rejecting the work and for how the government will verify that requirements have been met,” according to GAO.
The watchdog noted that a DOD official has reported a need for the department to standardize its requirements for cybersecurity and improve how it communicates such requirements.
The U.S. Air Force serves as the only military branch that released service-wide guidelines on defining cybersecurity requirements for acquisition programs, GAO said.