Federal Manager's Daily Report

A report for Congress has suggested possible strategy changes for managing agency cyber supply chain risks, including consolidating oversight that now “is distributed among many federal agencies.”

The Congressional Research Service noted that interest in cyber supply chain security has been increasing in general, and inside the government in particular, in response to incidents and assessments of general threats to steal information and manipulate the operation of technology. However, individual agencies “are responsible for evaluating risks posed by IT for themselves” and some “lack the capability or capacity to perform thorough evaluations of their systems for supply chain risks,” it said.

The report raised the possibility of using the shared services model, in which the GSA’s FedRAMP program evaluates cloud service providers and creates documentation on the security of those services that is available to all agencies.

“An option for Congress would be to assign a single federal agency the responsibility to evaluate supply chain risks in IT for all other agencies. This agency would examine IT hardware and software for potential risks. In order to do so, the agency would likely need access to threat intelligence, technical expertise, business relationships of the vendors, building products, and security experts, among other factors,” it said.

It added: “Rather than assign a single federal agency with all the responsibility for supply chain security, Congress may identify unique responsibilities and parse those out to agencies; such as intelligence gathering, technical expertise, the development and promulgation of defensive measures, and coordinating federal efforts.”

Other potential steps include efforts to “increase the information available from open and restricted government sources to all agencies and the information technology sector . . . This may help agencies better assess their own risk, and allow the companies to directly mitigate vulnerabilities in their products.”
