The Office of Management and Budget (OMB) published in the Federal Register Tuesday an interim final rule outlining how the Federal Acquisition Security Council (FASC) will assess risk information and recommend the issuance of exclusion or removal orders for information technology products that pose supply chain security risks.
The rule states that FASC should carry out “due diligence” to determine if the data is credible and consult with the National Institute for Standards and Technology (NIST) to ensure that recommended orders are aligned with federal guidelines and standards.
The secretaries of the Department of Defense (DoD) and the Department of Homeland Security (DHS) and the director of National Intelligence (DNI) will assess the recommendation and risk information to determine if issuing an exclusion or removal order is warranted.
The document also designates DHS as the agency for information sharing tasked with establishing a supply chain risk management and information sharing task force as part of the council.
Comments on the interim rule are due Nov. 2.
