GAO: DOD Must Work on Including Weapons Cybersecurity Requirements in Contracts

The Government Accountability Office (GAO) has released a report stating that the Department of Defense (DOD) must issue guidance on how to incorporate cybersecurity requirements for weapon systems into contracts.

GAO said Thursday that while the service branches developed guidance and policy documents for cybersecurity in weapons technologies, such guidance must also address the implementation of cybersecurity requirements in acquisition programs.

The DOD also needs to incorporate verification procedures and acceptance criteria into contracts, the report states.

“Specifically, cybersecurity requirements should be defined in acquisition program contracts, and criteria should be established for accepting or rejecting the work and for how the government will verify that requirements have been met,” according to GAO.

The watchdog noted that a DOD official has reported a need for the department to standardize its requirements for cybersecurity and improve how it communicates such requirements.

The U.S. Air Force is the only military branch that has released service-wide guidelines on defining cybersecurity requirements for acquisition programs, GAO said.
