Cybersecurity Policy

On February 12th, 2013, the President issued Executive Order 13636 Improving Critical Infrastructure Cybersecurity [PDF - 325 KB]. In accordance with Section 8(e), GSA and the Department of Defense submitted recommendations to the President addressing the feasibility, benefits, and merits of incorporating cybersecurity standards into acquisition planning and contract administration, and harmonizing procurement requirements.

Read the report - Improving Cybersecurity and Resilience through Acquisition [PDF - 2 MB]

The report provides a path forward to align Federal cybersecurity risk management and acquisition processes.Recommendations focus on the need for baseline cybersecurity for Federal contractors, workforce training, consistent cybersecurity terminology for contracts, incorporation of cyber risk management into Federal enterprise risk management, development of standardized security controls for particular types of acquisitions, limiting purchases to certain sources for higher risk acquisitions, and increasing government accountability for cybersecurity.

Related Policies

Last Reviewed: 2022-06-29