The General Services Administration has started to develop a cybersecurity risk profile forÂ federal agencies toÂ use when they purchase information technology products and services, Federal News Radio reported Friday.
Emile Monette, senior adviser for resilience and cybersecurity at GSAâs Office of Governmentwide Policy, told the station agencies will work to prioritizeÂ risk assessment inÂ acquisitions, Jason Miller writes.
“When you think about having baseline cybersecurity requirements as a condition for contract award for appropriate acquisitions, well, we don’t really know what appropriate acquisitions are until we fully understand the risk posture of those acquisitions,” MonetteÂ said in an interview with the station.
Miller reports that GSA held a public meeting on June 5 to hear feedback from IT vendors, big dataÂ stakeholders, consultants and other experts on how to form the risk management framework in acquisitions of IT platforms and services.
Monette told the station he expects GSA to have the initial list of risk indicators for IT acquisition processes ready for implementation by fall of this year.