Supply chain risk management is a topic that comes up consistently in government cyber circles, and merits attention. The concept isn’t new, but in the last six months, particularly with the concerns about Kaspersky Lab and now Chinese companies, Huawei Technologies or ZTE Corp., supply chain risk management has become a hot topic.
Under Health & Human Services, it’s seen in bill-of-materials requirements, for vendors to specify what hardware and software goes into medical devices, to make it possible to properly secure them.
In Defense, DFARS pushes down requirements for vendors to disclose any risks in their supply chains, even if they don’t directly affect military networks at a given time.
FCC Chairman Ajit Pai has issued a proposal to bar the use of money from its Universal Service Fund to purchase equipment or services from companies that pose a national security threat to U.S. communications networks or the communications supply chain. The FCC will vote on this proposed rule at its April 17 meeting.