Laura Stanton, a General Services Administration official, said government agencies can take several measures to reduce their cybersecurity supply chain risks such as integrating cyber supply chain risk management with the acquisition process and evaluating their organizational structure.
Stanton, assistant commissioner for the office of information technology category at GSA’s Federal Acquisition Service, wrote in a FedTech article published on Oct. 18 that agencies should establish a task force to help ensure supply chain security.
She said agencies should review key contracts to ensure that contractors maintain security practices, develop requirements for communicating and protecting data, provide C-SCRM training and create trust by sharing threats with supply chain partners.
“Open and transparent leadership and communication create trust, and building that trust includes a commitment to straight talk, the ability to produce results and the ability to restore trust when it is lost,” Stanton said.
She mentioned some of the C-SCRM initiatives GSA has introduced to help agencies mitigate supply chain risks, such as performing a pre-award assessment to ensure the identification of prohibited equipment or services prior to contract awards and developing a questionnaire to collect information on supply chain risks.
Stanton also mentioned GSA’s new C-SCRM Guide that seeks to help agencies comply with the current administration’s cybersecurity requirements and the establishment of the C-SCRM Acquisition Community of Practice.
“The goal of the C-SCRM Acquisition Community of Practice is to increase awareness and develop maturity in the areas of cyber acquisitions and information and communications technology and services supply chain risk management across the federal government,” she wrote.
