504.7003 General procedures.

      (a)GSA contracting activities may discuss supply chain concerns with the relevant Cyber-Supply Chain Risk Management Policy Advisor(s) listed on the GSA Acquisition Portal (http://insite.gsa.gov/cscrm) at any time, including during acquisition planning, requirements development, and post award.

      (b) The following groups are responsible for resolving Cyber-Supply Chain Events listed in 504.7005:

           (1) Occurrence of an IT security incident. Office of GSA IT.

           (2) Discovery of a prohibited article or source. GSA Supply Chain Risk Management Review Board.

           (3) Identification of supply chain risk information. GSA Office of Government-wide Policy.