Cyber-Supply Chain Risk Management (C-SCRM)
GSA to set baseline requirements for cloud providers through Ascend
Requirements will emphasize Cloud Smart objectives and cybersecurity supply chain risk management while providing agencies an open source experience.
Watchdog finds just two DOJ agencies adhering to supply chain risk requirements
The DOJ’s Office of Inspector General carried out an audit of cyber-supply chain risk management compliance across the department.
NIST gives agencies new guidance to prepare for next SolarWinds-like hack
During the 2020 SolarWinds hack, bad actors were able to access thousands of networks inside and outside government.
Agencies underscore software vulnerabilities in supply chain assessments
The pandemic revealed an overreliance on software developers with opaque supply chains and a high risk of "cascading effects" should their products be compromised.