
GAO: Federal Agencies Should Implement ICT Supply Chain Risk Management Practices

Jane Edwards May 26, 2021 News, Technology

The Government Accountability Office (GAO) has called on federal agencies to take action on its recommendations to fully implement the foundational practices for managing supply chain risks associated with information and communication technologies.

The foundational practices include establishing executive oversight of ICT activities; developing an agency-wide ICT supply chain risk management strategy; setting up a process to carry out a SCRM assessment of a potential supplier; and creating organizational procedures to detect compromised and counterfeit ICT products prior to deployment, according to a GAO report published Tuesday.

In December, a compromise involving the SolarWinds Orion network management software suite was discovered. During that month, the congressional watchdog reported that none of the 23 civilian agencies had fully carried out the foundational ICT SCRM practices.

“GAO stressed that, as a result of not fully implementing the foundational practices, the agencies were at a greater risk that malicious actors could exploit vulnerabilities in the ICT supply chain, causing disruptions to mission operations, harm to individuals, or theft of intellectual property,” the report reads.

