Software and Supply Chain Assurance (SSCA) Forum & WG

When the government purchases products or services with inadequate in-built cybersecurity, the risks persist throughout the lifespan of the item purchased.  The lasting effect of inadequate cybersecurity in acquired items is part of what makes acquisition reform so important to achieving cybersecurity and resiliency.  Purchasing products and services that have appropriate cybersecurity designed and built in may have a higher up-front cost in some cases, but doing so reduces total cost of ownership by providing risk mitigation and reducing the need to fix vulnerabilities in fielded solutions.

Increasingly, the Federal government relies on network connectivity, processing power, data storage, and other information and communications technology (ICT) functions to accomplish its missions.  The networks the government relies on are often acquired and sustained through purchases of commercial ICT products and services.  These capabilities greatly benefit the government but have also, in some cases, made the government more vulnerable to cyber attacks and exploitation.

Resilience to cyber risks has become a topic of core strategic concern for business and government leaders worldwide and is an essential component of an enterprise risk management strategy.  While the report focuses its recommendations on increasing the use of cybersecurity standards in Federal acquisitions, the DoD and the GSA view the ultimate goal of the recommendations as strengthening the cyber resilience of the Federal government by improving management of the people, processes, and technology affected by the Federal Acquisition System.

The terms “Federal acquisition(s),” or “acquisition(s),” are used throughout this report to mean all activities of Departments and Agencies to acquire new or modified goods or services, including strategic planning, capabilities needs assessment, systems acquisition, and program and budget development. See, e.g., “Big "A" Concept and Map
