Acquisition

Pentagon releases cyber acquisition guidance

Shutterstock image.

The Defense Department's acquisition office has released guidance for program managers to better address cybersecurity risk during the acquisition process.

In a memo preceding the guidance, dated Oct. 30, officials said, "Program managers must assume that the system they field, including their external interfaces, will be under cyberattack. To be cost-effective, cybersecurity must be addressed early within acquisition and be thoughtfully integrated with systems engineering, test and evaluation, and other acquisition processes throughout the system life cycle."

The guidance is based on a handful of acquisition policies issued by the Pentagon in the past 20 months. It includes tips for systems security engineering and sample language for requests for proposals, among many other provisions. It also lists a number of underlying principles, including continuously updating data flows throughout a system's life cycle and using an "open-systems approach" to implement security architectures that can counter emerging threats.

Defense officials and outside experts have long spoken of the need to incorporate cybersecurity into acquisitions rather than patch vulnerabilities after the fact. The new guidance is an attempt to do that. Cybersecurity is also front and center in Better Buying Power 3.0, a broader set of DOD guidelines aimed at reforming the acquisition system.

About the Author

Sean Lyngaas is a former FCW staff writer.

Featured

  • Veterans Affairs
    Veterans Affairs CIO Jim Gfrerer speaks at an Oct. 10 FCW event (Photo credit: Troy K. Schneider)

    VA's pivot to agile

    With 10 months on the job, Veterans Affairs CIO Jim Gfrerer is pushing his organization toward a culture of constant delivery.

  • Defense
    Dana Deasy, DOD Chief Information Officer, hosts a roundtable discussion on the enterprise cloud initiative with reporters, Aug. 9, 2019, at the Pentagon, Washington, D.C. (DoD photo by Air Force Staff Sgt. Andrew Carroll)

    DOD CIO 'very confident' that White House influence didn't guide JEDI award

    At his Senate confirmation hearing, Defense Department CIO Dana Deasy said the department's $10 billion cloud contract was awarded by a team of experts.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.