Welcome Login

You are here

Clarification/Update - Interact Question #3 - Cyber Security Risk Management Plan

Thank you all for your valuable input and suggestions. In an effort to clear the confusion between the Alliant team’s question and a more government wide effort that is currently being socialized, please consider the proposed Alliant 2 Cyber Risk Management Plan (CRMP) is separate from, but complementary to, the implementation of Executive Order 13636.  The CRMP requirement is intended to be a top level management plan which provides information to the government sufficient to demonstrate an offeror’s understanding of and ability to provide assured solutions under Alliant 2 contract and execute under the constraints of NIST 800-53 as supported by FIPS 200.  The CRMP is a management plan, not a technical document and it is understood that specific technical requirements will be addressed at the individual task order level.

11
Share

Views: 1935

Comments

Thomas R. Goldberg
<p>Supply chain management is the critical first step to ensuring the other cyber security related activities. &nbsp;It is simply impossible to correct built in flaws, especially those that are in Hardware or BIOS/firmware. &nbsp;Once these threats are addressed the foundation upon which to build better and more secure systems will be in place. &nbsp;Until then, the vast majority of federal investments will be subject to compromise. &nbsp;John Keane (DHA -Defnse health Agency) has developed the taxonomy for dealing with software assurance that has the lowest cost and highest security potential. &nbsp;It is built upon the presumption that flaws proliferate until and unless one iteratively develops products to test for and remove flaws before deployment. &nbsp;We endorse this approach as the most appropriate process to follow as it provides assurance and buy-in by both the customer and supplier.</p><p>&nbsp;</p><p>Regards</p><p>TRG</p>
Welcome! Thank you for visiting the GSA Alliant 2 (A2) & Alliant 2 Small Business (A2SB) GWACs Community. The purpose of this site is to... More

To stay informed on the group's latest updates, subscribe here.

  • LSaxty's picture
    LSaxty
  • asisti1's picture
    asisti1
  • lknight1's picture
    lknight1