The actions recommended are contained in a joint report -- "Improving Cybersecurity and Resilience through Acquisition" -- released earlier this week.
The recommendations are: instituting baseline cybersecurity requirements as a condition of contract awards for appropriate acquisitions; including cybersecurity in acquisition training; developing common cybersecurity definitions for federal acquisitions; instituting a federal acquisition cyberrisk management strategy, including a requirement to purchase from original equipment manufacturers, their authorized resellers or other trusted sources; and increasing government accountability for cyberrisk management.
"This report is an important step to improving the cybersecurity of our acquisition processes," said Frank Kendall, undersecretary of defense for acquisition, logistics and technology. "Ensuring we have fully implemented the recommendations of this report will be instrumental in addressing the growing cyberrisks we face."
"The ultimate goal of the recommendations is to strengthen the federal government's cybersecurity by improving management of the people, processes, and technology affected by the Federal Acquisition System," GSA Administrator Dan Tangherlini added.
The report is part of the government's implementation of Executive Order 13636 and Presidential Policy Directive 21, and was prepared by a working group of subject matter experts.
The Defense Department and GSA said a request for public comment on the draft implementation plan will be published in the Federal Register in February.