Government Procurement: Increased Security Scrutiny in IT Supply Chains


New laws and regulations require contractors who supply information technology in their products to control supply chain risk.

The US Government (USG) has adopted a series of laws and regulations that focus increased scrutiny on the security of supply chains for information technology (IT) procured for government use. These laws and regulations will impose new obligations on contractors to understand their full supply chains (particularly to the extent of any significant foreign sourcing) and to create legal and operational mechanisms to address and control security risks that might arise from characteristics of their supply chains. These laws and regulations may also affect decisions regarding mergers and acquisitions that involve government contractors, particularly in cross-border transactions.

Summary of Laws and Regulations -

In 2008, President Bush issued the Comprehensive National Cybersecurity Initiative (CNCI) to address the growing threat of cyber intrusions and attacks on US networks, both within government and in critical infrastructure. One of the CNCI’s key recommendations focused on the risk that IT supply chain exploitation could be used to launch such intrusions and attacks: “Initiative #11. Develop a multi-pronged approach for global supply chain risk management. …Risks stemming from both the domestic and globalized supply chain must be managed in a strategic and comprehensive way over the entire lifecycle of products, systems and services.”

Please see full Commentary below for more information.

LOADING PDF: If there are any problems, click here to download the file.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Latham & Watkins LLP | Attorney Advertising

Written by:


Latham & Watkins LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.