Katie Arrington, a previous Wash100 awardee who currently performs the duties of the Department of Defense's chief information officer, has released a memorandum to help DOD better manage risks facing its information and communications technology (ICT) supply chain.
In the June 5 memo, Arrington called for an update of the Requirements for the Acquisition of Digital Capabilities Guidebook, to be carried out on a timeline concurrent with development of the Software Fast-Track, or SWFT, initiative.
DOD Software Fast-Track Initiative
In April, the acting CIO directed the establishment of the SWFT initiative to advance DOD’s adoption of best practices to transform the way it acquires, tests, authorizes and deploys secure software.
The 90-day SWFT initiative sought to define clear, specific cybersecurity and supply chain risk management requirements; secure information sharing mechanisms; rigorous software security verification processes; and federal government-led risk determinations to accelerate cybersecurity authorizations for secure, rapid software adoption.
According to Arrington, the update will build on 12 risk categories developed by the Office of the Assistant Secretary of Defense for Sustainment to provide a comprehensive framework for managing ICT supply chain risks.
The risk categories are regulatory and compliance; manufacturing and supply; foreign ownership, control, or influence; political; technology and cybersecurity; financial; economic; product quality and design; human capital; environmental; transportation and distribution; and infrastructure.
Key ICT Supply Chain Risk Management Requirements for DOD Components
The memo outlines key ICT supply chain risk management requirements for DOD components deploying commercial off-the-shelf products.
These include prioritizing software integrity in accordance with OMB Memorandum M-22-18 on secure software development practices; ensuring that vendors comply with Section 889 of the fiscal year 2019 National Defense Authorization Act, which prohibits certain telecommunications and video surveillance equipment from Huawei, ZTE and Hytera, among others; and ensuring that suppliers adhere to the DOD-issued Security Requirements Guides and any accompanying Security Technical Implementation Guides.
DOD components should also obtain artifacts as part of the security authorization process, including a hardware and software inventory, an incident response plan, software certification test results and a supply chain risk management policy.