
DoD and GSA Take Aim at Supply Chain Risks

By Adelicia R. Cliffe, Kate M. Growley, CIPP/G, CIPP/US, Evan D. Wolff, Michael G. Gruden, CIPP/G & Christopher Hebdon on January 15, 2021

The Department of Defense (DoD) recently implemented additional procedures for the mitigation of cybersecurity risks in its supply chain. Designed to identify and mitigate cybersecurity and related supply chain risks throughout a program’s lifecycle, DoD Instruction 5000.90, Cybersecurity Acquisition Decision Authorities and Program Managers, requires program managers to:

  • Assess contractors’ cybersecurity posture, including, where applicable, verifying compliance with the DoD’s newly introduced Cybersecurity Maturity Model Certification (CMMC);
  • Consider the extent to which contractors have experienced “significant” incidents resulting in network breaches or data loss;
  • Avoid program requirements that may necessitate the use of contractors or suppliers that are owned or controlled by a foreign adversary government or are subject to the jurisdiction of a foreign adversary government;
  • Manage any supply chain risks associated with foreign ownership, control, or influence (FOCI); and
  • Mitigate supply chain risks using a framework that prescribes escalating risk management actions across four risk tolerance levels.

Alongside the DoD, the General Services Administration (GSA) recently introduced, as part of a draft solicitation for the Polaris small business government-wide IT contract, its own Vendor Risk Assessment Program (VRAP). According to the draft solicitation, the VRAP is designed to identify, assess, and monitor supply chain risks associated with FOCI, cybersecurity, and other factors, such as financial performance.

  • Posted in:
    Administrative, Corporate Compliance
  • Blog:
    Government Contracts Legal Forum
  • Organization:
    Crowell & Moring LLP