We operate in a world of increased risk as agencies further rely on information and communications technology in purchasing a wide variety of products and services. We recognize that adversaries in this space have become increasingly sophisticated. GSA is committed to improving and strengthening our security posture and strategy for addressing cyber threats within the supply chain.
Along with leading governmentwide policy efforts, GSA’s Office of Government-wide Policy coordinates GSA’s enterprise-level Supply Chain Risk Management (SCRM) program. We have created a Cyber-Supply Chain Risk Management (C-SCRM) Strategic Plan to provide a strategic roadmap for implementing effective SCRM capabilities and practices. To further mature GSA’s C-SCRM program, this plan identifies three strategic objectives:
- Address GSA’s highest enterprise-level supply chain risks
- Further mature GSA’s acquisition workforce’s awareness of and capabilities to manage supply chain risks
- Standardize and expand GSA’s operational management of supply chain risks
GSA’s SCRM responsibilities are distributed throughout the organization based on function and capabilities. GSA uses robust information technology governance and works to continually address the changing nature of supply chain risk.