GSA Solicits Feedback on Supply Chain Risk Management Program


The General Services Administration is developing the Vendor Risk Assessment Program: a tool to “identify, assess and monitor supply chain risks of critical vendors.” The effort got underway during the efforts to remove Kaspersky software from federal systems, and received some attention with the focus on removing Chinese suppliers, and is getting renewed focus in the wake of the SolarWinds hack. The draft of Polaris – a new governmentwide acquisition vehicle for information technology services – contains language describing the program, and seeks feedback by January 29.