The Federal Acquisition Security Council (FASC) has released a final rule to facilitate the sharing of information on supply chain risks and exercise its authority to recommend issuance of orders requiring the removal of IT products and services from executive agency information systems or exclusion of covered articles from future procurements.
FASC in an interagency council that was formed in compliance with the Federal Acquisition Supply Chain Security Act of 2018 to help address vulnerabilities in information and communications technology and services supply chains, according to a Federal Register notice posted Thursday.
The council is chaired by a senior-level Office of Management and Budget (OMB) official and consists of representatives from the General Services Administration, Office of the Director of National Intelligence and departments of Homeland Security, Justice, Defense and Commerce.
DHS, acting through the Cybersecurity and Infrastructure Security Agency (CISA), will serve as the council’s information-sharing agency, which will standardize processes for submitting and distributing supply chain data and facilitate the operations of a supply chain risk management task force.
The rule also outlines processes how federal and nonfederal entities can submit supply chain risk data to the FASC and how the ISA can facilitate information sharing in support of supply chain risk analyses.
The final rule is set to take effect Sept. 27th.