The New Guidance on Cybersecurity Acquisition –
What Contracting Professionals Must Learn Now
The Tower Club, Tysons Corner, VA
May 22, 2014, 8:00AM – 11:00AM, Registration 7:30AM
Registration Fee: Premier Member $95; Standard Member $145; Non-Member $215
The Coalition will be hosting a morning panel discussion and workshop on the implications for contractors of the new DoD and GSA final report and guidance on cybersecurity acquisition – including an overview and update on the Draft Implementation Plan and:
- Improving Cybersecurity and Resilience through Acquisition – Final Report of the Department of Defense and General Services Administration (January 23, 2014)
- Management Strategy Considerations on the Draft Implementation Plan (March 12, 2014)
- Framework for Improving Critical Infrastructure Cybersecurity, the National Institute of Standards and Technology (NIST) (February 12, 2014)
- The DoD (DFARS) Final Rule on enhanced safeguards for unclassified CTI (controlled technical information) (November 18, 2013)
- The President’s Executive Order, EO 13636 (February 12, 2013)
- The Status of Proposed and Pending Federal Legislation
The specific recommendations from the DoD – GSA Final Report include:
- Institute Baseline Cybersecurity Requirements as a Condition of Contract Award for Appropriate Acquisitions
- Address Cybersecurity in Relevant Training
- Develop Common Cybersecurity Definitions for Federal Acquisitions
- Institute a Federal Acquisition Cyber Risk Management Strategy
- Include a Requirement to Purchase from Original Equipment Manufacturers, Their Authorized Resellers, or Other “Trusted” Sources, Whenever Available, In Appropriate Acquisitions
- Increase Government Accountability for Cyber Risk Management
A primary purpose of the DoD – GSA Final Report is to recommend strategic guidelines for acquisition practitioners. In addition to covering the substantive materials, panelists will discuss the following issues as they relate to the new guidance, NIST Framework, and DFARS rule:
- How government, schedule, and commercial contractors should prepare for and respond to the new guidance in proposal efforts
- Is it likely that the new guidance will move from voluntary to mandatory for contractors in the near future?
- With an estimated $46 Billion spent on global critical infrastructure cybersecurity in 2013, how much is enough?
- Are Risk Management principles and Best Practices management sufficient in this current threat and vulnerability environment?
- Are there implications in the new guidance for the certification and qualifications of FedRAMP contractors in providing cloud services?
Discussions will likely include Cloud issues as well as network security and certification, and the two panels will include the following:
Confirmed Speakers Include:
- Jon Boyens, Senior Advisor for Information Security, NIST
- David Z. Bodenheimer, Partner, Crowell & Moring LLP
- Beth Ferrell, Partner, McKenna Long & Aldridge
- Tom Barletta, Partner, Steptoe & Johnson
We are confident that the information, sources, and resources covered will strengthen your cybersecurity efforts and expand your knowledge in this critical area, and we look forward to your participation.