"This document constitutes the final report of the 'Department of Defense (DoD) and General Services Administration (GSA) Joint Working Group on Improving Cybersecurity and Resilience through Acquisition.' The report is one component of the government-wide implementation of Executive Order (EO) 13636 and Presidential Policy Directive (PPD) 21. It was developed in collaboration with stakeholders from Federal agencies and industry and with the assistance of the Department of Homeland Security's Integrated Task Force. The Working Group also coordinated development of the recommendations closely with the Department of Commerce, National Institute of Standards and Technology's (NIST) development of a framework to reduce cyber risks to critical infrastructure (Cybersecurity Framework), and in parallel to the Departments of Commerce, Treasury, and Homeland Security reports on incentives to promote voluntary adoption of the Cybersecurity Framework. […] One of the major impediments to changing how cybersecurity is addressed in Federal acquisitions is the differing priorities of cyber risk management and the Federal Acquisition Systems. The Acquisition Workforce is required to fulfill numerous, sometimes conflicting, policy goals through their work, and cybersecurity is but one of several competing priorities in any given acquisition. […] The purpose of this report is to recommend how cyber risk management and acquisition processes in the Federal government can be better aligned. The report does not provide explicit implementation guidance, but provides strategic guidelines for addressing relevant issues, suggesting how challenges might be resolved and identifying important considerations for the implementation of the recommendations."
U.S. Department of Defense: http://www.defense.gov/
Department of Defense (DoD) and General Services Administration (GSA) Joint Working Group on Improving Cybersecurity and Resilience through Acquisition