The proposed Federal IT Supply Chain Risk Management Improvement Act of 2018 would set up a federal IT acquisition security council to advance the development of standards and practices that agencies can use to create strategies for mitigating supply chain risks in the procurement of IT and communications systems and services.
The council would be composed of the Office of Management and Budget, General Services Administration, National Institute of Standards and Technology, DoD and the Department of Homeland Security and would come up with criteria for supply chain risk data sharing with private and public sector stakeholders.
The bill would also establish a critical IT supply chain risk evaluation board that would oversee measures with regard to the exclusion of vendors from procurement actions and information systems that are deemed a risk to agencies.
The report said the House Homeland Security Committee has begun work on a similar measure that would provide DHS and other agencies with supply chain risk management authorities similar to those given to DoD and the intelligence community.