The National Institute for Standards and Technology has added the source of information technology components to its draft guidance as part of efforts to address supply chain risks, FCW reported Thursday.
Adam Mazmanian writes that “Supply Chain Risk Management: Practices for Federal Information Systems and Organizations” is meant to require suppliers, integrators and agency buyers to monitor the provenance and movements of IT products and services.
“Provenance is used when ascertaining the source of goods such as computer hardware to assess if they are genuine or counterfeit,” the guidance says, according to FCW.
NIST intends for the measure to prevent malware, property theft and cyber attacks, Mazmanian reports.
Current legislation requires all IT acquisitions from China made by NASA, the National Science Foundation and the departments of Commerce and Justice to undergo special risk assessment and verification.
Mazmanian reports that House appropriators want to extend that legislation to fiscal 2014.