DHS wants insights on supply chain risks
- By Adam Mazmanian
- Aug 20, 2018
NOTE: This article first appeared on FCW.com.
The Department of Homeland Security is looking for a sharable, non-classified resource on cybersecurity risks in the IT supply chain.
With government agencies at all levels dependent on private vendors for technology providers and integrators, the global IT supply chain "is a significant source of risk to the nation," according to an Aug. 17 sources sought notice posted to FedBizOpps.
DHS is seeking a source of "due diligence information" to help federal, state, local, tribal and territorial governments with source selection and contract performance evaluations, audits and investigations and the development of information system authorization. The idea here is for the solution to be non-classified, easily sharable across different levels of government and aligned with existing practices "in the vendor community and insurance industry."
Risk information will cover system lifecycle from design to acquisition to maintenance. The contracting documents suggest that "supply chain threats and vulnerabilities may intentionally or unintentionally compromise an ICT product or service at any stage of the lifecycle."
DHS plans to use responses to its contacting notice to plan the possible acquisition of a supply chain risk assessment capability. Click here to read the full solicitation.
Adam Mazmanian is executive editor of FCW.
Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy and the Department of Veterans Affairs. Prior to joining FCW, Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, New York Press, Architect Magazine and other publications.
Click here for previous articles by Mazmanian. Connect with him on Twitter at @thisismaz.