"GAO Highlights Supply Chain Practices Amid SolarWinds Hack"

The Government Accountability Office (GAO) released a report revealing that most large agencies did not implement the National Institute of Standards and Technology's (NIST) Supply Chain Risk Management (SCRM) practices following closely after the SolarWinds breach, which affected the U.S. Treasury and Commerce Departments. The report compares agency policies against seven foundational practices for SCRM highlighted in various NIST guidance documents. It was discovered that most CFO Act agencies do not follow practices such as executive oversight of SCRM activities, the enforcement of organizational requirements for the supply chain, the establishment of procedures for detecting compromised products prior to their deployment, and more. This article continues to discuss the key findings shared by the GAO report on the implementation of SCRM practices by Federal agencies.

MeriTalk reports "GAO Highlights Supply Chain Practices Amid SolarWinds Hack"