In response to the President’s Executive Order on February 12, 2013, the General Services Administration (GSA) and the Department of Defense (DOD) have published a Request for Information (RFI) for improving cyber security. This is a key collaboration opportunity to work with the government, as well as, a marketing opportunity as a contributor for implementing an Executive Order. Input needs to be submitted no later than June 12, 2013.
This cyber security RFI touches on several different aspects such as information security, supply chain risk management, information assurance, software assurance, and digital infrastructure. This RFI presents a key opportunity for gathering input that may eventually find it’s way into acquisition and contracting processes. Additionally, the RFI makes distinctions between what is required for classified and unclassified acquisitions.
Responses should focus on three main areas: feasibility and federal acquisition, commercial practices, and harmonization. The feasibility and federal acquisition area emphasizes issues, such as methodologies, constraints, standards, and implications in implementing cyber security measures in federal acquisitions and contracts. The commercial practices area looks into risk analysis frameworks, risk management processes, cyber security suppliers and tools, and performance metrics and goals. Lastly, the harmonization area focuses on addressing any existing conflicts with the current contract statutes, requirements, regulations, policies, or terms and conditions. Answers to these questions could simplify or complicate future contracts and acquisitions, depending on the input received and the implementation strategy.
While it can be difficult to know when to participate in an RFI and when to ignore them, if cyber security is a strategic business area for you as an individual, for your company, or for your agency, it is important to have a hand in shaping the future requirements for this business area. This cyber security RFI helps companies submit recommendations along their skillsets and capabilities, providing the opportunity to contribute to (and market) the direction of a critical and strategic area of homeland defense. The RFI is also an opportunity for companies to have a say (before contract negotiations and award) into what standards should be incorporated into the acquisition and contract process. Lastly, if nothing else, it helps give a leg up on potential items that may come up later in homeland security, physical security, and infrastructure related projects. Participating and being aware of the results can provide a leading edge when it comes to implementation.