CISA supply chain assessment hits the home stretch


The recently established Federal Acquisition Security Council is ramping up resources to help agencies better understand and manage their supply chain security risks.

FASC “is going to serve as the governance structure to elevate the security within federal acquisition processes” the Cybersecurity and Infrastructure Security Agency’s Bob Kolasky said at a July 16 FCW briefing on supply chain security. A key part of that effort, he said, is to “create an information repository that can be called on … to help make smarter procurement decisions.” The goal, he stressed, is not to pick preferred vendors or “be anti-competitive, but to draw on the best information we have.”

Kolasky, who directs CISA’s National Risk Management Center, said his team is supporting the FASC efforts, which also include guidance on “how to use removal or exclusion authorities,” when the risk is deemed extreme — as was the case for Kaspersky Labs and Huawei products.

Read more…
Source: FCW