Requirement for IT supply chain risk assessments is included in bill for Commerce, Justice

An early version of the fiscal 2019 spending bill for many of the government’s law enforcement and science agencies would block them from buying IT systems that have not been evaluated for security vulnerabilities introduced intentionally at some point in their development.

The House Appropriations subcommittee that handles spending for the Department of Commerce, Department of Justice, National Science Foundation and NASA included a provision requiring all four to conduct supply chain risk assessments before acquiring sensitive IT systems. The panel approved the spending bill on Wednesday. It now moves to the full committee.

The agencies would have to review the supply chain risk for new “high-impact or moderate-impact” IT systems, using criteria from the FBI and NIST, the government’s technology standards agency.

“We have … included numerous oversight provisions to protect the scarce and hard-earned tax dollars that we are responsible for,” said Commerce-Justice-Science Subcommittee Chairman John Culberson, R-Texas, during Wednesday’s markup.

The bill would also require the agencies to consult with the FBI or another…
