Cybersecurity Policy
On February 12th, 2013, the President issued Executive Order 13636 Improving Critical Infrastructure Cybersecurity [PDF - 325 KB]. In accordance with Section 8(e), GSA and the Department of Defense submitted recommendations to the President addressing the feasibility, benefits, and merits of incorporating cybersecurity standards into acquisition planning and contract administration, and harmonizing procurement requirements.
Read the report - Improving Cybersecurity and Resilience through Acquisition [PDF - 2 MB]
The report provides a path forward to align Federal cybersecurity risk management and acquisition processes. Recommendations focus on the need for baseline cybersecurity for Federal contractors, workforce training, consistent cybersecurity terminology for contracts, incorporation of cyber risk management into Federal enterprise risk management, development of standardized security controls for particular types of acquisitions, limiting purchases to certain sources for higher risk acquisitions, and increasing government accountability for cybersecurity.
Related Policies
- Cybersecurity Executive Order 13800 (May 2017)
- Federal Information Security Modernization Act of 2014 (FISMA) (Public Law 113-283) (PDF, December 2014)
- Presidential Policy Directive PPD-21: Critical Infrastructure Security and Resilience [PDF - 127 KB] (PDF, February 2013)