“On August 10, 2021, GSA hosted the government-wide kickoff of the Cyber Supply Chain Risk Management (C-SCRM) Acquisition Community of Practice (ACoP) and was encouraged by the engagement and interest from attendees. The C-SCRM ACoP is an evolutionary extension of the C-SCRM Cybersecurity Standards Innovation Group (CyberSIG) initiated by the Cybersecurity and Infrastructure Security Agency (CISA) in FY20, but sunsetted in July of this year. The shared goals and objectives of C-SCRM ACoP are to broaden the level of awareness and develop agency maturity in the areas of acquisitions, information communication technology and services (ICTS) supply chain risk management, and cybersecurity across the Federal Government.
Many federal departments and agencies have limited C-SCRM capabilities, resources, governance, guidance, and training; especially in acquisition of information and communications technology (ICT). Executive Order #14028, ‘Improving the Nation’s Cybersecurity,’ mandates enhanced C-SCRM contracting requirements and guidance that holds vendors accountable for assessing the risk of their supply channels, particularly in the area of embedded software. It is imperative to define and articulate the acquisition needs in support of the federal government with immediate focus on the adoption and integration of C-SCRM best practices into every phase of the acquisition lifecycle, and for this community to share examples of when government and industry have done this successfully.
One of the first big initiatives that the C-SCRM ACoP will take on is GSA and CISA co-leading an effort to work with agencies to mature the integration of C-SCRM into the acquisition process. The outcome will be increased maturity on strategy, governance, and operations based on lessons learned. We look forward to connecting with everyone from across the Federal Government as we begin this collaborative journey through our campaigns to build stronger C-SCRM acquisition programs…” Read the full blog post here.
Source: GSA Kicks Off Government-Wide Cyber Supply Chain Risk Management Acquisition Community of Practice – October 18, 2021. GSA.