An Official Website Of The United States Government

My Favorites


504.7002 Policy.

504.7002 Policy.

      (a) The Federal Information Security Modernization Act of 2014 and associated National Institute of Standards and Technology (NIST) guidance requires Federal agencies to manage supply chain risks for Federal information systems.

      (b) OMB Circular A-130, “Managing Information as a Strategic Resource,” directs agencies to implement supply chain risk management principles to protect against the insertion of counterfeits, unauthorized production, tampering, theft, insertion of malicious software, as well as poor manufacturing and development practices throughout the system development life cycle.

      (c) The SECURE Technology Act (Public Law 115-390) requires GSA to have a lead representative of the agency on the Federal Acquisition Security Council as well as address supply chain risks posed by the acquisition of covered articles.