Request for Information Issued by GSA Joint Working Group on Improving Cybersecurity and Resilience through Acquisition
On February 12, President Obama issued the Executive Order for Improving Critical Infrastructure Cybersecurity (E.O. 13636). In accordance with Section 8(e) of E.O. 13636, within 120 days, the General Services Administration and the Department of Defense, in consultation with the Department of Homeland Security and the Federal Acquisition Regulation Council, are required to make recommendations on the feasibility, security benefits, and relative merits of incorporating security standards into acquisition planning and contract administration and address what steps can be taken to harmonize, and make consistent, existing procurement requirements related to cybersecurity.
Public outreach is a critically important activity for implementation of the Executive Order. In an effort to obtain broad stakeholder involvement, the General Services Administration and the Department of Defense are publishing this request for information (RFI) seeking information that can be used in the Section 8(e) report.
Below are a few of the 37 questions this information notice is seeking public input. Please see the entire notice on the Federal Register.
1. What is the most feasible method to incorporate cybersecurity-relevant standards in acquisition planning and contract administration? What are the cost and other resource implications for the federal acquisition system stakeholders?
2. How can the federal acquisition system, given its inherent constraints and the current fiscal realities, best use incentives to increase cybersecurity amongst federal contractors and suppliers at all tiers? How can this be accomplished while minimizing barriers to entry to the federal market?
3. What are the implications of imposing a set of cybersecurity baseline standards and implementing an associated accreditation program?
4. How can cybersecurity be improved using standards in acquisition planning and contract administration?
Dates: Effective date: Submit comments on or before June 12, 2013.
Comments: Submit comments in response to Notice-OERR-2013-01 by any of the following methods:
•Regulations.gov: Submit comments via the Federal eRulemaking portal by searching for “Notice-OERR-2013-01”. Select the link “Submit a Comment” that corresponds with “Notice-OERR-2013-01”. Follow the instructions provided at the “Submit a Comment” screen. Please include your name, company name (if any), and “Notice-OERR-2013-01” on your attached document.
•Mail: General Services Administration, Regulatory Secretariat (MVCB), ATTN: Hada Flowers, 1275 First Street NE., 7th Floor, Washington, DC 20417.
Instructions: Please submit comments only and cite “Notice-OERR-2013-01”, in all correspondence related to this case. All comments received will be posted without change to Regulations.gov, including any personal and/or business confidential information provided.
Assistant Chief Counsel Major Clark, III