Guidance Would Help DOD Programs Better Communicate Requirements to Contractors

GAO-21-179: Published: Mar 4, 2021. Publicly Released: Mar 4, 2021 – The Department of Defense has struggled to ensure its weapons systems can withstand cyberattacks. Since we last reported, DOD has taken some positive steps toward that goal, like conducting more cyber testing.  But we found that DOD programs aren’t always incorporating cybersecurity requirements into contract language. And contractors are only responsible for meeting the terms written in a contract. Some contracts we reviewed had no cybersecurity requirements when they were awarded, with vague requirements added later. We recommended that DOD issue guidance on incorporating weapon systems cybersecurity requirements into contract language. https://www.gao.gov/products/GAO-21-179