The Department of Defense has issued a document outlining its policies and the roles and responsibilities of several DOD components to protect mission-critical functions in order to achieve trusted systems and networks, or TSN.
The latest DOD instruction seeks to implement the TSN strategy and establishes policy and assigns responsibilities to mitigate information and communications technology — a.k.a. ICT — supply chain and engineering risks to the department’s warfighting capabilities and enterprise information systems, according to the document published Friday.
Per the document, mission-critical functions will be safeguarded through the implementation of TSN and ICT supply chain risk management, or SCRM, practices.
“All-source intelligence analysis of suppliers of critical components will be used with supply chain illumination capabilities as part of supplier due diligence to inform risk management decisions,” the instruction reads.
The document states that the under secretary of defense for research and engineering should oversee and provide guidance on the implementation of the issuance, develop a strategy to manage TSN risk in the supply chain and conduct risk assessments and manage the Joint Federated Assurance Center, among other responsibilities.
The department’s chief information officer should integrate multilayered ICT SCRM concepts into security controls and other policies, issue information systems security engineering and ICT SCRM guidance and develop programming recommendations to ensure the integration of TSN concepts and processes into the acquisition and maintenance of DOD information systems, services and enclaves.
