OMB Releases Interim Rule to Address IT Supply Chain Security Risks

OMB Releases Interim Rule to Address IT Supply Chain Security Risks

The Office of Management and Budget (OMB) has issued an interim final rule detailing how the Federal Acquisition Security Council (FASC) will evaluate threat information and recommend issuance of orders to remove or exclude certain products from future procurements or information systems as part of efforts to protect the information and communications technology and services supply chain.

The interim rule directs the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) to serve as FASC’s information sharing agency, which will help facilitate the operations of a task force for supply chain risk management (SCRM) and standardize procedures for disseminating supply chain data.

OMB said the SCRM task force will be composed of technical experts who will help the council carry out risk assessment, risk analysis and data sharing functions.

According to the document, FASC is an interagency council led by a senior-level OMB official and includes representatives from the departments of Defense (DoD), Homeland Security (DHS), Commerce (DOC), Justice (DOJ), Office of the Director of National Intelligence (ODNI) and the General Services Administration (GSA).

The interim final rule is slated for publication in the Federal Register Tuesday and will be open for public comments in the next 60 days.

Check Also

Cybersecurity Strategy

Updated CISA Federal Cybersecurity Strategy Directs Improved CDM Scores Through FY 2021

The Cybersecurity and Infrastructure Security Agency (CISA) has released an update to its action plan for strengthening federal cybersecurity in fiscal years 2020 through 2021. The initiative was led by Matthew Travis, the deputy director of CISA. CISA also cited evolving threat landscapes and limitations in cloud, network and encryption capabilities as challenges.