WASHINGTON – The IT Alliance for Public Sector (ITAPS), a division of ITI, released its comments on the Office of Management and Budget (OMB) Proposed Guidance on Improving Cybersecurity Protections in Federal Acquisitions. In the written comments, Trey Hodgkins, senior vice president for public sector, writes:
"We share the goals and interests of the government on this issue because cybersecurity is critical for our member companies as well. The protection of customers, brands, and intellectual property – which are essential components of our members’ businesses – are critical to our ability to grow and innovate in the future.”
ITAPS urged OMB to:
- Modify the guidance dramatically to align with the many other agency cyber efforts per the recommendations in the letter, or
- Withdraw the guidance and go through a standard regulatory comment process. This guidance needs to create a risk based process. ITAPS recommends that an approach built around a capability maturity model that factors in varying levels of company capability based on size, type of business model, flexibility and that is risk based would be a vast improvement to the prescriptive model being fostered in the proposed OMB guidance. We urge OMB to prominently feature more of the NIST Framework in this guidance and should be much more integral to this guidance. The Framework should be used government wide to help determine agencies cyber risk.
Hodgkins had written to request an extension from OMB, citing concerns with GitHub:
"ITAPS supports the federal government’s efforts to strengthen its cybersecurity posture as it relates to acquisition planning and contract administration. We are concerned, however, by the legal impediments imposed on users of the website GitHub, the limitations those impediments have placed on the effective and transparent solicitation of comments and recommendations on the proposal and the use of this website as the sole means of collecting feedback. Because of these concerns, we believe that it is imperative that the comment period be extended and additional opportunity and means be afforded to stakeholders and the public to provide comment and feedback to the proposal."
# # #