Acquisition

Pentagon releases cyber acquisition guidance

Shutterstock image.

The Defense Department's acquisition office has released guidance for program managers to better address cybersecurity risk during the acquisition process.

In a memo preceding the guidance, dated Oct. 30, officials said, "Program managers must assume that the system they field, including their external interfaces, will be under cyberattack. To be cost-effective, cybersecurity must be addressed early within acquisition and be thoughtfully integrated with systems engineering, test and evaluation, and other acquisition processes throughout the system life cycle."

The guidance is based on a handful of acquisition policies issued by the Pentagon in the past 20 months. It includes tips for systems security engineering and sample language for requests for proposals, among many other provisions. It also lists a number of underlying principles, including continuously updating data flows throughout a system's life cycle and using an "open-systems approach" to implement security architectures that can counter emerging threats.

Defense officials and outside experts have long spoken of the need to incorporate cybersecurity into acquisitions rather than patch vulnerabilities after the fact. The new guidance is an attempt to do that. Cybersecurity is also front and center in Better Buying Power 3.0, a broader set of DOD guidelines aimed at reforming the acquisition system.

About the Author

Sean Lyngaas is a former FCW staff writer.

Featured

  • FCW Perspectives
    zero trust network

    Can government get to zero trust?

    Today's hybrid infrastructures and highly mobile workforces need the protection zero trust security can provide. Too bad there are obstacles at almost every turn.

  • Cybersecurity
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    NDAA process is now loaded with Solarium cyber amendments

    Much of the Cyberspace Solarium Commission's agenda is being pushed into this year's defense authorization process, including its crown jewel idea of a national cyber director.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.