Federal government officials suggested this week that quick action, plus a lot of collaboration, can help agencies boost their supply chain risk management (SCRM) efforts.
The officials discussed SCRM problems and solutions on Jan. 30 at a GovExec event focused on the NASA SEWP (Solutions for Enterprise-Wide Procurement) GWAC (Government-Wide Acquisition Contract) that provides information and communications tech products and services for Federal agencies and contractors.
One of the issues that continues to plague SCRM efforts at some agencies is complacency in the form of waiting for other agencies such – like the National Institute of Standards and Technology (NIST) or the Office of Management and Budget (OMB) – to update SCRM-related policies.
Jon Boyens, deputy chief of the Computer Security Division at NIST, pointed out the need for agencies to move away from the waiting game, and to take action.
“Agencies need to need to stop waiting for an OMB memo or binding operational directive,” he said. “I think that’s just got to stop, this is risk management. This is an aspect of risk, and so there are very simple things that can be done [and] that should be done anyway without…a specific directive,” stated Boyens.
During the same discussion, panelists pointed to the value of collaboration and how agencies can help each other through sharing how they are securing their own supply chains while working with vendors.
NASA Program Manager Kanitra Tyler talked about her agency’s collaboration on SCRM practices, and said NASA employs the three “Cs” in that effort.
“At NASA we simplify things with acronyms and catchphrases, so I’m gonna say it’s the three C’s – consume, collaborate, commit,” Tyler said.
“We are consuming the OMB memorandums, we are consuming the executive orders, we are consuming the binding operational directives, we are consuming the guidance from this,” she said. “But with all of that, the key that has already been mentioned, it is collaborating both internally and externally,” Tyler said.