General Information Company Information Create My Account

Free 5-day trial.

Once you sign-up, you can add 4 additional team members within your EZGovOpps Portal. If you have a team member that already has an EZGovOpps account, ask them to get add you. If you sign-up for your own trial you will not be able to experience the extensive collaboration tools that are available within EZGovOpps.

First name:

Last name:

Title:

Email:

Phone:

Company Information

Company:


Primary NAICS:


Postal Code:


Employees:

How did you hear about EZGovOpps?:
If your selection has a * symbol,please
share more details as to your selected choice


Do you have a unique socio economic status?:
Small Business
Total Small Business
Hubzone
WOSB
8(a)
Emerging Small Business
VOSB
SDVOSB
Economically Disadvantaged WOSB


Is your company registered with the Federal Government (Sam.gov)?:
Yes
No
Not Sure

Create Account

Referred By:



Your trial will expire at Midnight on .



Email me EZGovOpps Updates and Events
Subscribe to receive GovEvents
I agree to the EZGovOpps Terms of Service
    Terms and Conditions

Congratulations! Your 5-Day free trial awaits.

Your validation/activation email should arrive in your inbox within 15 minutes.
if you don't see it, please check your spam/clutter folder.
Step 1) Validate Sign-Up via Email Step 2) Login to EZGovOpps Step 3) Experience EZGovOpps free!
Need assistance? EZGovOpps Ultimate Member Support can be reached by email at support@ezgovopps.com

Schedule a personalized demo to enhance your evalution.

EZGovOpps Member Portal Secure Log In

Enter your email address and we will send you password reset instructions.

Get started with your free 5 day trial.

Supply chain becomes next cybersecurity focus

An airfield systems technician examines a circuit board at Hurlburt Field, Fla., June 17, 2016. (U.S. Air Force photo by Airman 1st Class Joseph Pick)

An airfield systems technician examines a circuit board at Hurlburt Field, Fla., June 17, 2016. (U.S. Air Force photo by Airman 1st Class Joseph Pick)

After the government’s swift efforts to remove Kaspersky products from federal IT systems, DHS reported that all federal agencies have removed Kaspersky software from their systems. DHS is now reportedly focusing on the supply chain for IT products to ensure Kaspersky software is not embedded in products in early stages of the supply chain. Other agencies are also planning standards for supply chain risk management, and Congress has drafted requirements in a funding bill for FY19 for certain agencies to consult with federal entities over the supply chain risk to new IT systems being acquired. These could all be factors which impact federal IT acquisition, which continues to grow rapidly in the federal market, as emphasized by our coverage.

While the FY19 NDAA includes its own IT requirements for DOD, the separate FY19 funding bill for the Departments of Commerce (DOC), Justice (DOJ), and related agencies was drafted in the House of Representatives with section concerning supply chain risk for those departments. Those agencies would have to consult with the National Institute of Standards and Technology (NIST), the FBI, and other relevant agencies to understand the supply chain risks associated with acquiring a “high-impact or moderate-impact information system,” and produce a plan to mitigate any risks which may arise from procuring the system from the prospective awardee.

NIST, itself a sub-agency of DOC, has included new supply chain risk management (SCRM) concepts in a new draft of its Special Publication 800-37- Risk Management Framework (RMF). Agencies using the RMF to assess cyber risk would have to form a SCRM plan which addresses supply chain risks which “include the insertion of counterfeits, unauthorized production, tampering, theft, insertion of malicious software and hardware, as well as poor manufacturing and development practices in the supply chain.” In an environment increasingly relying on component parts built across the global economy, this kind of scrutiny will be particularly visible in the acquisition of commercial off-the-shelf (COTS) products.

While the RMF recommends that an agency build a relationship with the external provider for better visibility into the “processes, procedures, and practices used to assure the integrity, security, resilience, and quality of the products,” it simultaneously mentions those relationships between agency and provider as risk in and of themselves. This management of supply chain risk would extend not only to component and product providers, but to the evergrowing field of cloud services, with “external providers handling federal information or operating systems on behalf of the federal government” subject to stringent security standards, including supply chain requirements. While the RMF draft preaches cooperation with the product/services providers, the RMF emphasizes that regardless of the assurances from and agreements with external providers, the responsibility for risk management ultimately falls on the agency responsible for the acquisition.

Kaspersky is not the only foreign company facing scrutiny in public, with Chinese cellphone manufacturers Huawei and ZTE recently experiencing bans by certain federal agencies (and sanctions for ZTE) due to certain activities and associated risks. With Kaspersky products clear of federal networks, this month DHS mentioned the potential to punish federal contractors for their own use of Kaspersky software.

Tracking opportunities in the EZGovOpps file cabinet.

Tracking opportunities in the EZGovOpps file cabinet.

Interested in learning more about contracting opportunities with the agencies mentioned above, or IT acquisition at other agencies? Sign up for a free trial with EZGovOpps. In less than 60 seconds, you will have access to the premier government market intelligence tool, allowing for access to more history on DOD programs, custom analyst updates, Industry Day information, and daily tracking from the solicitation period through to final contract awards. Easily set up your profile for alert notifications on these exciting RFPs.

Don’t forget to view our full GovCon News section for more intel.

Leave a Reply