The Department of Defense (DOD) and the General Services Administration (GSA) should “use caution in imposing a set of baseline cybersecurity standards,” the Telecommunications Industry Association said Monday in comments filed with the GSA (http://bit.ly/S2Wsxz). The agencies were seeking public comment on joint recommendations that the federal government institute baseline cybersecurity standards as a condition for contract acquisition awards. The recommendations were issued as part of the implementation of President Barack Obama’s cybersecurity executive order (CD Jan 30 p20). TIA said it believes “efforts to improve cybersecurity, including in federal procurement, should leverage existing standardization and related accreditation programs in all cases possible.” Cybersecurity requirements “should be outcome-driven, not focused on the process by which a contractor may innovate to get to that outcome.” Federal acquisition risk management strategies should rely on voluntary, consensus-based standards where possible, TIA said. The group said it supports the agencies’ recommendation that the government develop common cybersecurity definitions for federal acquisitions. GSA should “provide clarity” on the scope of the recommendations and ensure implementation efforts “ensure flexibility and the ability to innovate,” TIA said. Implementation should also take into account international standards, the group said (http://bit.ly/S2Wsxz).