The Senate has passed new legislation that would create a standardized training program for federal personnel responsible for acquiring technology systems.
Senators unanimously agreed Tuesday to pass the Supply Chain Security Training Act with one amendment. The bill is intended to improve government employees’ awareness of growing threats to national security presented by hostile actors seeking to interfere with government technology systems and help them to mitigate such risks.
The legislation now moves forward for consideration in the House.
If signed into law, the legislation would direct the General Services Administration, in coordination with the Department of Homeland Security, the Department of Defense and the Office of Management and Budget, to create a supply chain security training program for federal officials with supply chain risk management responsibilities. The program would be administered through the Federal Acquisition Institute.
The legislation also would require the Office of Management and Budget to develop guidance for such training and on how to select which officials should be required to participate.
The bipartisan legislation is co-sponsored by Sens. Ron Johnson, R-Wisc., and Maggie Hassan, D-N.H. It is based on a bill previously introduced in 2019, which was also focused on improving cybersecurity training to remedy supply chain risk for federal agency IT systems.
Supply chain risk within the software used by federal government agencies came into sharp focus following the 2020 SolarWinds hack, when the systems of at least nine agencies were compromised.
In October, House lawmakers passed a bill that would require the Department of Homeland Security to demand a software bill of materials (SBOM) from all contractors providing the department with software. That bill has yet to be considered by lawmakers in the Senate.