The Office of Management and Budget (OMB) released a new interim final rule in today’s Federal Register detailing Federal Acquisition Security Council (FASC) guidelines for managing supply chain risk, and recommending the removal and exclusion of IT and communications that fall below the standard. […]

The Senate on Dec. 18 approved by unanimous consent S. 3085, the Federal Acquisition Supply Chain Security Act.  This bill, according to its text, would “establish a Federal Acquisition Security Council and … provide executive agencies with authorities relating to mitigating supply chain risks in the procurement of information technology.” […]

Supply chains increasingly are being targeted by attackers, according to Accenture’s Cyber Threatscape Report. […]

Joyce Corell, assistant director for the supply chain directorate at the Officer of the Director of National Intelligence’s (ODNI) National Counterintelligence and Security Center, predicts that regulation or other means to manage IT supply chain security risk is inevitable, given increased emphasis on the topic across government. Speaking at an Information Security and Privacy Advisory Board meeting Friday, Corell said rumblings across the Federal space concerning supply chain risk will soon likely lead to even more formal steps. […]

Sens. James Lankford, R-Okla., and Claire McCaskill, D-Mo., today introduced legislation that would create a Federal Acquisition Security Council to oversee creation of a government-wide strategy to address supply IT chain security and mitigate supply chain security threats from IT equipment and service purchases. […]