The Government Accountability Office (GAO) has called on federal agencies to take action on its recommendations to fully implement the foundational practices for managing supply chain risks associated with information and communication technologies.
The foundational practices include establishing executive oversight of ICT activities; developing an agency-wide ICT supply chain risk management strategy; setting up a process to carry out a SCRM assessment of a potential supplier; and creating organizational procedures to detect compromised and counterfeit ICT products prior to deployment, according to a GAO report published Tuesday.
In December, a compromise involving the SolarWinds Orion network management software suite was discovered. During that month, the congressional watchdog reported that none of the 23 civilian agencies had fully carried out the foundational ICT SCRM practices.
“GAO stressed that, as a result of not fully implementing the foundational practices, the agencies were at a greater risk that malicious actors could exploit vulnerabilities in the ICT supply chain, causing disruptions to mission operations, harm to individuals, or theft of intellectual property,” the report reads.