The Office of Management and Budget (OMB) has issued an interim final rule detailing how the Federal Acquisition Security Council (FASC) will evaluate threat information and recommend issuance of orders to remove or exclude certain products from future procurements or information systems as part of efforts to protect the information and communications technology and services supply chain.
The interim rule directs the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) to serve as FASC’s information sharing agency, which will help facilitate the operations of a task force for supply chain risk management (SCRM) and standardize procedures for disseminating supply chain data.
OMB said the SCRM task force will be composed of technical experts who will help the council carry out risk assessment, risk analysis and data sharing functions.
According to the document, FASC is an interagency council led by a senior-level OMB official and includes representatives from the departments of Defense (DoD), Homeland Security (DHS), Commerce (DOC), Justice (DOJ), Office of the Director of National Intelligence (ODNI) and the General Services Administration (GSA).
The interim final rule is slated for publication in the Federal Register Tuesday and will be open for public comments in the next 60 days.