Beating the Knowledge Gap in ICT Supply Chain Risk

Officials from CISA, GSA and NIST say information sharing will be key to managing security risks in the supply chain.

One common refrain for securing information and communication technology (ICT) supply chains is to focus on acquisition and supplier visibility. According to top IT leaders at an FCW workshop this week, federal entities seeking to secure their ICT supply chains have a knowledge problem.

Keith Nakasone, deputy assistant commissioner for acquisition at the General Services Administration, said rolling out ICT supply chain risk management (SCRM) use cases will be key for helping federal agencies identify and remedy security vulnerabilities in their supply chains.

“We’re looking at the acquisition process, but also the cybersecurity side and the supply chain risk management side,” he said at the event. “From our portfolio perspective, we do have the cyber tools and some SCRM tools. As we do the assessment and look at the foundation of how things are built over time, we’ll be able to see where those touchpoints may be and how to build these acquisitions solutions going forward.”

SCRM requires constant monitoring and information-sharing, Nakasone added. When…
