GAO Examines Federal Agencies’ Implementation of Practices to Manage ICT Supply Chain Risks

GAO Examines Federal Agencies’ Implementation of Practices to Manage ICT Supply Chain Risks
ICT Supply Chain Risks

A Government Accountability Office (GAO) report says few of the 23 Chief Financial Officers Act agencies had implemented seven fundamental practices for managing risks to the information and communications technology (ICT) supply chain.

GAO said in a report published Tuesday that none of the 23 CFO Act agencies fully implemented all the supply chain risk management (SCRM) practices and 14 those civilian agencies had not adopted any of the seven practices.

Those ICT SCRM practices are establishing executive oversight of ICT SCRM activities; developing an agencywide ICT SCRM strategy; establishing an approach to identify and document agency ICT supply chain; coming up with a process to carry out agencywide reviews of ICT supply chain risks; establishing a process to implement a SCRM review of a potential supplier; developing organizational ICT SCRM requirements for suppliers; and developing organizational procedures to detect compromised and counterfeit ICT products prior to deployment.

The report noted that agencies cited the lack of federal guidance on SCRM as one of the factors that limited their implementation of the basic practices for handling supply chain risks.

"Until agencies implement all of the foundational ICT SCRM practices, they will be limited in their ability to address supply chain risks across their organizations effectively,” the report reads.

You may also be interested in...

Anthony Iasso

Anthony Iasso Named Xator CTO; CEO David Scott Quoted

The Xator Corporation announced on Friday that Anthony Iasso has been appointed the company’s new chief technology officer. Xator CEO David Scott elaborated that Iasso would take advantage of Xator’s key investments in the company’s acquisitions and tech capabilities to further propel its solution offerings for its customers.