How should cybersecurity vendors refine their messaging to land federal contracts? It’s hard to tell these days with the messages coming from the federal government, but a little digging shows there is a strategy shining through.
President Donald Trump issued his cyber executive order in May, which details a series of reports due to the executive branch and mandates standards for federal agencies regarding cyber readiness. More recently, Trump signaled that cybersecurity was a Defense Department priority, elevating U.S. Cyber Command to the status of a unified combatant command — one of 10 issues that span military branches and require a long-term strategy to ensure safety.
This momentum by the federal government is with good reason. In fact, the first half of 2017 saw a rapid rise in cyber activity. It’s going to be up to industry to remain agile and offer the most innovative solutions it can, regardless of political proclivities. To do so, vendors must get in line with the cyber executive order’s framework, in addition to other guidelines set in motion by the military.
The Cybersecurity Framework (CSF) outlined by the National Institute of Standards and Technology (NIST) is going to be gospel for any vendor that wants to play in the federal space, per the cyber executive order. This framework is a living document that the agency intends to update frequently — a necessity in this new age of constant cyber threats. What it is not is a repeat of NIST’s prior Risk Management Framework (RMF). The RMF did indeed serve as a starting point, pointing at future cybersecurity needs, but what it doesn’t provide are the codified, specific directives that allow each member of a federal agency to speak the same language regarding cyber compliance and threat mitigation — that is truly the strength of the CSF.
On the defense side, a quick review of open federal government contracts, including this recent request for information from the Army Corps of Engineers, shows NIST matters to DOD branches too. Defense contractors also need to be sensitive to DOD-specific requirements on cybersecurity, which the department has published in an effort to guide small businesses seeking awards. These military compliance directives will become mandatory at the end of the calendar year for any vendor seeking federal defense dollars.
Nearly every federal agency is going to need smart, agile vendors that can arm them with effective weapons against breaches. Whether for the military or civilian departments, frameworks and guidelines will continue to grow as important tools so vendors can maintain compliance and qualify for federal dollars.
Want more advice on how to position your cybersecurity company to gain federal government dollars? Contact us at info@merrittgrp.com.