EO 13636: Improving Critical Infrastructure Cybersecurity

On February 12th, 2013, the President issued Executive Order 13636, entitled “Improving Critical Infrastructure Cybersecurity” (EO 13636).  In accordance with Section 8(e), GSA and the Department of Defense submitted recommendations to the President addressing the feasibility, benefits, and merits of incorporating cybersecurity standards into acquisition planning and contract administration, and harmonizing procurement requirements.

The jointly authored report containing the recommendations, "Improving Cybersecurity and Resilience through Acquisition," can be downloaded at the links below.

The report provides a path forward to aligning Federal cybersecurity risk management and acquisition processes.  It provides strategic recommendations for addressing relevant issues, suggests how challenges might be resolved, and identifies important considerations for the implementation of the recommendations.  The ultimate goal of the recommendations is strengthening the cyber resilience of the Federal government by improving management of the people, processes, and technology affected by the Federal Acquisition System.

The recommendations focus on the need for baseline cybersecurity for Federal contractors, comprehensive workforce training, consistent cybersecurity terminology for contracts, incorporation of cyber risk management into Federal enterprise risk management, development of more specific and standardized security controls for particular types of acquisitions, limiting purchases to certain sources for higher risk acquisitions, and increasing government accountability for cybersecurity throughout the development, acquisition, sustainment, and disposal lifecycles.


Filename File Description
Improving Cybersecurity and Resilience through Acquisition PDF  - 1.67 MB    DOCX  - 132.09 KB
Presidential Policy Directive PPD-21: Critical Infrastructure Security and Resilience PDF - 127.30 KB
Part III The President Executive Order 13636: Improving Critical Infrastructure Cybersecurity PDF - 324.59 KB
Memo for Commenters READ FIRST DOCX - 13.25 KB
DRAFT Implementation Plan DOCX - 45.84 KB
DRAFT Appendix I: Categories, Prioritization, Overlays) DOCX - 172.68 KB
Program Managers Memo PDF - 62.83 KB




Last Reviewed 2014-09-30