Acquisition Cybersecurity Management Framework

Abstract

Current organizational structures have proven insufficient for cyber and information assurance. The acquisition role may be resourced and expanded to support information assurance and systems compliance. A supply chain audit and assessment process within acquisition departments will better support emerging cybersecurity requirements. This project advances technical and workflow models, an assessment framework, and implementation methods to support expansion of the acquisition department role to include cybersecurity and information assurance across the systems lifecycle from supply chain, through test and measurement, to maintenance and obsolescence. Analysis methodology and model-based system engineering techniques successfully employed in naval and joint forces field research for technology and cybersecurity evaluation for nearly two decades, along with best practices from Silicon Valley high technology industries, were applied in the acquisition cybersecurity management framework. A shift of cybersecurity assessment from distributed units into centralized acquisition departments should significantly lessen the inter- and intra-organizational boundaries which have traditionally hindered cybersecurity.