DoD and GSA Take Aim at Supply Chain Risks
The Department of Defense (DoD) recently implemented additional procedures for the mitigation of cybersecurity risks in its supply chain. Designed to identify and mitigate cybersecurity and related supply chain risks throughout a program’s lifecycle, DoD Instruction 5000.90, Cybersecurity Acquisition Decision Authorities and Program Managers, requires program managers to:
Assess contractors’ cybersecurity posture, including, where applicable, verifying compliance with the DoD’s newly introduced Cybersecurity Maturity Model Certification (CMMC);
Consider the extent to which contractors…