The administration has been pushing agencies to include more cybersecurity language in contracts, specifically in citing control standards like those advanced by the National Institute of Standards and Technology.
Some officials don’t think those standards are enough and are encouraging agencies to get specific with vendors when writing cybersecurity requirements.
“In software assurance or as a computer scientist you say it’s all about the code,” Kris Britton, director of NSA’s Center for Assured Software, said during a panel discussion hosted by the Consortium for IT Software Quality (CISQ) on Oct. 13. “Ultimately it is. But it all begins — at least in government — back at the acquisition process.”
Keep reading this article at: http://www.federaltimes.com/story/government/cybersecurity/2015/10/13/specific-cyber-requirements/73875252/