RAND政府采购网络技术:从网络安全和基础设施安全局的网络采购流程分析中得出的经验教训(2024)

VIP文档

ID:69971

大小:0.59 MB

页数:12页

时间:2024-02-26

金币:10

上传者:一顿俩小孩儿
HS AC
S
A
A
A
n FFRDC operated by the RAND Corporation under contract with DHS
HOMELAND SECURITY
OPERAT IONAL ANALYSIS CENTER
CHAD HEITZENRATER, JAMES DIMAROGONAS, KYLE BUNCH, FRANK CAMM, RYAN CONSAUL,
SARAHW.DENTON, QUENTIN E. HODGSON, ERIN N. LEIDY, LAURINDA L. ROHN, JAMES RYSEFF,
YULIYASHOKH, PADMAJA VEDULA
Government Acquisition of
Cyber Technologies
Lessons Derived from Analysis of
the Cybersecurity and Infrastructure
Security Agencys Cyber Acquisition
Processes
E
ffective and efficient cyber acquisition has proven to be a challenge for government organiza-
tions, including the Cybersecurity and Infrastructure Security Agency (CISA), part of the
U.S. Department of Homeland Security (DHS). With respect to cybersecurity, CISA has a
mandate to act in two roles: as national coordinator for critical infrastructure security and
resilience and as the country’s cyber defense agency.
1
In these roles, CISA acquires equipment and
services to support numerous capabilities and must be able to plan, develop, execute, and deploy
these capabilities expeditiously, driving down costs and schedule timelines while increasing techni-
cal performance for mission operators.
Like most organizations, CISA approaches acquisition by seeking to understand the request-
ing organizations needs, including resilience, and manage risks. (See the box on the next page for
information on CISAs acquisition approach.) However, the current DHS acquisition approach has
not provided CISA the ability to acquire
technology rapidly enough while bal-
ancing risk tolerance. This is partly
because of the complexity of the acquisi-
tion process itself and partly because of
a lack of a shared understanding of how
to tailor the process for different types
of acquisitions.
Although DHS has adapted many
U.S. Department of Defense (DoD)
processes for its own use, more can be
KEY FINDINGS
A successful approach to cyber acquisition must be rooted in
solid acquisition practice.
Flexibility is important to meet varied cyber acquisition needs.
Requirements are foundational but are challenging to formulate.
The cyber acquisition approach must be considered in relation
to the goals.
Background and expertise of staff play a key role in cyber
acquisition.
Research Report
资源描述:

RAND政府采购网络技术:从网络安全和基础设施安全局的网络采购流程分析中得出的经验教训(2024)

当前文档最多预览五页,下载文档查看全文

此文档下载收益归作者所有

当前文档最多预览五页,下载文档查看全文
温馨提示:
1. 部分包含数学公式或PPT动画的文件,查看预览时可能会显示错乱或异常,文件下载后无此问题,请放心下载。
2. 本文档由用户上传,版权归属用户,天天文库负责整理代发布。如果您对本文档版权有争议请及时联系客服。
3. 下载前请仔细阅读文档内容,确认文档内容符合您的需求后进行下载,若出现内容与标题不符可向本站投诉处理。
4. 下载文档时可能由于网络波动等原因无法下载或下载错误,付费完成后未能成功下载的用户请联系客服处理。
关闭