Cyber-supply chain risk management
On December 12, 2023, GSA’s Senior Procurement Executive issued Acquisition Letter MV-22-06, Supplement 1, “Cyber-Supply Chain Risk Management (C-SCRM) Requirements for Leasing.” MV-22-06, Supplement 1 listed all of the applicable mandatory C-SCRM provisions and clauses applicable to lease contracts. MV-22-06, Supplement 1 required that all leases awarded on or after December 12, 2023, include these C-SCRM clauses and provisions, as applicable. In response, GSA amended its existing templates (i.e., GSA Form 3517A and 3517B) to include any missing C-SCRM clauses.
In addition, MV-22-06, Supplement 1 requires the amendment of our existing high-risk leases, to include all applicable C-SCRM clauses and provisions. To accomplish this, on September 4, 2024, GSA issued lease amendments to affected lessors using DocuSign. Each lessor should have received an initial communication email from GSA on August 29, 2024, followed by an email from DocuSign on or about September 4, 2024, notifying them of the lease amendment containing the applicable C-SCRM clauses. Lessors are requested to electronically sign the lease amendment in DocuSign, and, if applicable, complete the GSAR 552.270-33 representation regarding foreign ownership. Lessors will receive a notification through DocuSign, along with an attached copy of the executed Lease Amendment, once GSA has counter-signed the Lease Amendment.
GSA asks that our affected lessors review and sign these lease amendments at their earliest convenience. We sincerely appreciate the cooperation of our lessor community in addressing these increasing C-SCRM risks to the Government and to the private sector.
If you have any questions, please reach out to us using the contact information in our email correspondence.
Note: If you have questions regarding clauses related to Section 889 of the 2019 National Defense Authorization Act (NDAA), please visit Section 889 Policies_Acquisition.gov