Government Procurement: Increased Security Scrutiny in IT Supply Chains


New laws and regulations require contractors who supply information technology in their products to control supply chain risk.

The US Government (USG) has adopted a series of laws and regulations that focus increased scrutiny on the security of supply chains for information technology (IT) procured for government use. These laws and regulations will impose new obligations on contractors to understand their full supply chains (particularly to the extent of any significant foreign sourcing) and to create legal and operational mechanisms to address and control security risks that might arise from characteristics of their supply chains. These laws and regulations may also affect decisions regarding mergers and acquisitions that involve government contractors, particularly in cross-border transactions.

Summary of Laws and Regulations -

In 2008, President Bush issued the Comprehensive National Cybersecurity Initiative (CNCI) to address the growing threat of cyber intrusions and attacks on US networks, both within government and in critical infrastructure. One of the CNCI’s key recommendations focused on the risk that IT supply chain exploitation could be used to launch such intrusions and attacks: “Initiative #11. Develop a multi-pronged approach for global supply chain risk management. …Risks stemming from both the domestic and globalized supply chain must be managed in a strategic and comprehensive way over the entire lifecycle of products, systems and services.”

Please see full Commentary below for more information.

LOADING PDF: If there are any problems, click here to download the file.