Executive Briefings

DoD Rule Says Pentagon Can Weigh IT Supply Chain Risk in National Security Procurement

The U.S. Department of Defense has issued an interim rule allowing the agency to consider supply chain risk in certain procurements related to national security systems, citing an "urgent need" to protect such programs from sabotage.

DoD Rule Says Pentagon Can Weigh IT Supply Chain Risk in National Security Procurement

Under the rule, suppliers that fall short of risk-reduction standards can be excluded from certain national security systems-related information-technology contracts.

"It is necessary to reduce the supply chain risk in the acquisition of sensitive information-technology systems" used for intelligence or cryptologic activities, for command and control of military forces, or that form integral weapons-systems parts, the DoD's Defense Acquisition Regulations System says in a Nov. 18 Federal Register notice.

The rule addresses the risk, as defined by Congress, "that an adversary may sabotage, maliciously introduce unwanted function, or otherwise subvert the design, integrity, manufacturing, production, distribution, installation, operation, or maintenance of a covered system so as to surveil, deny, disrupt, or otherwise degrade the function, use, or operation of such system," the notice says.

Read Full Article

Under the rule, suppliers that fall short of risk-reduction standards can be excluded from certain national security systems-related information-technology contracts.

"It is necessary to reduce the supply chain risk in the acquisition of sensitive information-technology systems" used for intelligence or cryptologic activities, for command and control of military forces, or that form integral weapons-systems parts, the DoD's Defense Acquisition Regulations System says in a Nov. 18 Federal Register notice.

The rule addresses the risk, as defined by Congress, "that an adversary may sabotage, maliciously introduce unwanted function, or otherwise subvert the design, integrity, manufacturing, production, distribution, installation, operation, or maintenance of a covered system so as to surveil, deny, disrupt, or otherwise degrade the function, use, or operation of such system," the notice says.

Read Full Article

DoD Rule Says Pentagon Can Weigh IT Supply Chain Risk in National Security Procurement