The Contracting Education Academy

Contracting Academy Logo
You are here: Home / Archives for supply chain management

By

CMMC standards for non-defense contractors could be coming

The Department of Defense‘s push to secure its leaky supply chain from cyberattacks might “rapidly” become a standard for civilian agencies too.

Katie Arrington, the Pentagon’s CISO for acquisition and sustainment, said Thursday that she has met with Chris Krebs — the head of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) — to discuss the DoD’s new Cybersecurity Maturity Model Certification (CMMC) and how it could translate eventually to civilian, non-defense federal contractors.

Arrington was said she believes CMMC “will become a federal standard for the whole of government rapidly.” But, a CISA official was more cautious about amplifying CMMC beyond its defense acquisition purposes, saying “civilian agencies operate under separate acquisition authorities and CMMC is a DoD-specific program.”

“CISA is certainly following the development of CMMC with great interest and it’s likely that civilian agencies will naturally benefit from CMMC implementation,” the official told FedScoop. “Due to that overlap, we aim to harmonize our cybersecurity approaches as much as possible, including on directives.”

Keep reading this article at: https://www.fedscoop.com/cmmc-federal-standards-for-acqusition/

By

GSA’s e-commerce initiative strained by new protests, questions over supply chain risks

There was a flurry of lawmakers seemingly troubled, disappointed and disturbed about the lack of governmentwide progress to move to the Enterprise Infrastructure Solutions (EIS) contract.

While the reality is most of the lawmakers probably had never heard of EIS until their staff explained to them 10 minutes before the hearing started that it’s a way for agencies to modernize their voice, video and data services, the House Oversight and Reform Subcommittee on Government Operations created at least an newsworthy façade last week.

The hearing also ferreted out a host of other valuable news nuggets about several of the General Services Administration’s technology services.

As one never to let a good almost 90-minute hearing go to waste, the subcommittee pressed GSA on the status and future of its e-commerce platform initiative.

About an hour into the hearing, Rep. Mark Meadows, R-N.C., ranking member of the subcommittee and the incoming chief of staff for President Donald Trump, asked what seemed like a simple question about GSA’s e-commerce platform initiative.

“Are you going to have the two awardees by the end of the month?” Meadows asked.

Keep reading this article at: https://federalnewsnetwork.com/reporters-notebook-jason-miller/2020/03/gsas-e-commerce-initiative-strained-by-new-protests-questions-over-supply-chain-risks/

By

Industry on pins and needles as DoD and accreditation body work to finalize CMMC agreement

The Defense Department is one small step away from officially getting the Cybersecurity Maturity Model Certification (CMMC) off the starting blocks.

Ellen Lord, the undersecretary of Defense for Acquisition and Sustainment, is ready to sign off on the memorandum of understanding with the CMMC accreditation body that would jumpstart the training of third-party assessment organizations.

Katie Arrington, the chief information security officer for acquisition at DoD, said the MOU is through the clearance process and is just awaiting Lord’s signature.

Arrington, speaking at the Washington Technology CMMC event in McLean, Virginia on March 13, said once the MOU is signed, the six-month push to begin putting CMMC standards in procurements officially will begin.

“The accreditation board, the Johns Hopkins University Applied Physics Laboratory, Carnegie Mellon University and DoD are going through simulations of training, working through the kinks,” she said. “The first session of classes will actually be a lot of the proof in the pudding, and DoD will be there to help through this. This is new so we want to make sure we get it right.”

Keep reading this article at: https://federalnewsnetwork.com/reporters-notebook-jason-miller/2020/03/industry-on-pins-and-needles-as-dod-accreditation-body-to-finalize-cmmc-agreement/

By

Supply chain security requires acquisition reform, security experts say

To secure the government’s IT ecosystem, agencies must better understand their tech, the vendors who built it, and those companies’ suppliers.

The government can make significant progress in securing its IT supply chain by following a few basic procurement practices, but most agencies have yet to adopt them, according to federal security experts.

While government leaders have recently given a lot of attention to the supply chain security threats posed by foreign vendors, officials must devote equal energy to reforming their acquisition policies so they put those warnings to good use, experts said. Those efforts require an in-depth understanding of both the government’s IT infrastructure and the countless firms in its vendor pool, they said, but today that remains a challenge for most agencies.

“Supply chain [security] is where we were with cyber[security] maybe 15, 20 years ago,” Michele Iversen, director of risk assessment and operational integration at the Defense Department, said during a panel at the recent Fifth Domain’s CyberCon event. “We really don’t really have the visibility that we need to know where the threats are and what’s actually happening.”

Keep reading this article at: https://www.nextgov.com/cybersecurity/2019/11/supply-chain-security-requires-acquisition-reform-security-experts-say/161251/

By

Is Congress in the dark on supply chain risk?

Top senators on the Senate Homeland Security Committee have warned the Office of Management and Budget that IT professionals in Congress and the federal judiciary may not be getting all the supply chain risk information they need to secure their computer systems and networks as they make acquisitions.

The senators wrote to OMB Director Mick Mulvaney ″urging” the Federal Acquisition Security Council (FASC) to develop a strategic plan for sharing supply chain security information with Congress and the judiciary. The letter is signed by Chairman Ron Johnson, R-Wisc.; Ranking Member Gary Peters, D-Mich.; Sen. Tom Cotton, R-Ark.; and Sen. Ron Wyden, D-Ore.

The FASC is responsible for increasing information sharing within the federal government regarding supply chain risk and creating guidelines and practices for risk management. The FASC distributes the intelligence community’s supply change risk management (SCRM) threat analysis to federal civilian agencies making acquisitions decisions. But the senators said that the information from FASC is not reaching the other two branches of government and supply chain solutions that work for executive agencies don’t necessarily work for the “whole of government.”

Keep reading this article at: https://www.fifthdomain.com/civilian/omb/2019/10/11/is-congress-in-the-dark-on-supply-chain-risk/

Contracting Academy Logo
75 Fifth Street, NW, Suite 300
Atlanta, GA 30308
info@ContractingAcademy.gatech.edu
Phone: 404-894-6109
Fax: 404-410-6885

RSS Twitter