The General Services Administration issued a guide on government contract vehicles that agencies can use to procure cybersecurity supply chain risk management — or C-SCRM — tools and advisory services.
The document covers information and communications technology and operational technology, or ICT and OT, which face threats that are evolving in sophistication and can put government information at great risk, GSA said Saturday.
Global ICT/OT supply chains have been hit with deliberate and unintentional disruptions in recent years. Weather events and the COVID-19 pandemic, exacerbated by attacks such as the exploitation of zero-day vulnerabilities in Microsoft Exchange and the SolarWinds Orion breach, have affected tens of thousands of organizations and businesses.
GSA stressed to agencies that effective C-SCRM software and hardware cover all of ICT/OT design, development, production, distribution, deployment and purchase until their disposal. Organizations should conduct cybersecurity risk assessments prior to acquiring such products to specifically address their operational vulnerabilities.
GSA provided a list of risk factors addressed by the multiple-award schedule and other governmentwide acquisition contract vehicles, including specific contract types for purchasing anti-counterfeiting and value chain management systems to protect the ICT/OT supply chain.