The U.S. Census Bureau released a request for information May 20 asking for industry input to shape the statistical agency’s cybersecurity acquisition strategy for the coming decade.
“The [U.S. Census Bureau] believes industry holds the most current and best practices in these areas impacted by cybersecurity and seeks recommendations on how to best acquire the needed industry knowledge and expertise and achieve benefits in accordance with federal requirements," the RFI read.
As the government’s biggest statistical agency, the Census Bureau is responsible for administering the decennial census and houses personal information on millions of Americans. This year is the first time the census can be entirely completed online.
The RFI indicates that the Census Bureau is interested in exploring several cybersecurity solutions in the next decade. For example, the agency wants to learn more about “next generation” artificial intelligence and machine learning to move toward real-time cybersecurity assessments and transition off of point-in-time assessments.
The Census Bureau’s Office of Information Security, which is leading the strategy, is also interested in:
- Professional support services: The Census Bureau wants information on industry’s existing digital and network forensics, incident manage and reporting capabilities.
- Proactive cyber defense: The Census Bureau seeks insight on continuous vulnerability scanning, remediation, attack simulations, and cyberthreat-hunting and penetration-testing services that industry can provide.
- Threat intelligence: The agency wants to know what capabilities industry has in identifying tactics, techniques and procedures, as well as industry’s ability to have a “dedicated” cyberthreat intelligence analyst to “provide a continuous feed of cyber threat intelligence information.”
- Agile development: To ensure that the Census Bureau is developing secure systems, it wants industry input on how to create a “flexible, secure” DevOps and Agile development model for system and software development that “seamlessly integrates security requirements and testing.”
Responses are due by July 15.