Government Procurement: Increased Security Scrutiny in IT Supply Chains


New laws and regulations require contractors who supply information technology in their products to control supply chain risk.

The US Government (USG) has adopted a series of laws and regulations that focus increased scrutiny on the security of supply chains for information technology (IT) procured for government use. These laws and regulations will impose new obligations on contractors to understand their full supply chains (particularly to the extent of any significant foreign sourcing) and to create legal and operational mechanisms to address and control security risks that might arise from characteristics of their supply chains. These laws and regulations may also affect decisions regarding mergers and acquisitions that involve government contractors, particularly in cross-border transactions.

Summary of Laws and Regulations -

In 2008, President Bush issued the Comprehensive National Cybersecurity Initiative (CNCI) to address the growing threat of cyber intrusions and attacks on US networks, both within government and in critical infrastructure. One of the CNCI’s key recommendations focused on the risk that IT supply chain exploitation could be used to launch such intrusions and attacks: “Initiative #11. Develop a multi-pronged approach for global supply chain risk management. …Risks stemming from both the domestic and globalized supply chain must be managed in a strategic and comprehensive way over the entire lifecycle of products, systems and services.”

Please see full Commentary below for more information.

LOADING PDF: If there are any problems, click here to download the file.

Written by:

Published In:

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Latham & Watkins LLP | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »

All the intelligence you need, in one easy email:

Great! Your first step to building an email digest of JD Supra authors and topics. Log in with LinkedIn so we can start sending your digest...

Sign up for your custom alerts now, using LinkedIn ›

* With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name.