The General Services Administration is seeking industry input on risk indicators for vendor products and services that relate to the frameworks that federal agencies use in a bid to standardize risk assessments, Federal Times reported Monday.
Aaron Boyd reports that the request for information indicates the need to unify the understanding between agencies and vendors on IT security requirements as well as develop technologies to communicate these information.
“When the government purchases products, services or solutions from contractors with inadequate integrity, security, resilience and quality in their deliverables or operations, the risks created persist throughout the lifespan of the item purchased and often result in increased costs to the government and contractors,” GSA noted in the RFI.
Boyd writes that agencies have pointed to such risks as information security, counterfeiting, tampering, insertion of malicious software, insider threats, and financial and managerial controls.
GSA will accept responses through Feb. 16, the report said.