Story excerpt provided by Nextgov.com.
The SolarWinds hack seems to be breathing new life into the supply chain security effort.
The General Services Administration could soon start requiring on-site assessments of certain federal contractors under a new program to scrutinize risks to the supply chain.
Tucked into the draft of a new governmentwide acquisition vehicle for information technology services called Polaris is language describing a tool to “identify, assess and monitor supply chain risks of critical vendors.” The tool would use classified and unclassified sources.
GSA said once the tool it’s developing—referred to as the Vendor Risk Assessment Program—is complete, “the contractor agrees the government may, at its own discretion, perform audits of supply chain risk processes or events,” adding, “on site assessments may be required.”
Originally published January 8, 2021