The Professional Services Council (PSC) recommended that the ongoing efforts to create cybersecurity requirements for contracting be halted until the National Institute of Standards and Technology (NIST) develops the cybersecurity framework required under President Obama’s February 12 Executive Order 13636, in comments submitted to NIST on April 8
.
“We strongly believe that the NIST cybersecurity framework should be developed prior to the further development or implementation of new acquisition-specific cybersecurity requirements,” PSC President and CEO Stan Soloway said.
PSC submitted its comments in response to a NIST Request for Information (RFI) regarding the cybersecurity framework. PSC supports the executive order’s effort to improve our nation’s ability to protect critical infrastructure from cyber attack or unauthorized intrusion. However, there are multiple, uncoordinated regulatory initiatives underway within the federal acquisition arena that could be affected by any NIST-developed framework.
“To ensure that consistency is achievable by agencies in both the cybersecurity framework and the federal acquisition arena, PSC recommends that the FAR and DFARS initiatives be suspended until the initial NIST framework is completed,” Soloway said.
Read an in-depth analysis of the president's executive order in the March 2013 issue of Service Contractor magazine.