Shows & Panels
- AFCEA Answers
- Ask the CIO
- The Big Data Dilemma
- Carrying On with Continuity of Operations
- Connected Government
- Constituent Servicing
- Continuous Monitoring: Tools and Techniques for Trustworthy Government IT
- The Cyber Imperative
- Cyber Solutions for 2013 and Beyond
- Expert Voices
- Federal Executive Forum
- Federal IT Challenge
- Federal Tech Talk
- Mission-critical Apps in the Cloud
- The Path from Legacy Systems
- The Real Deal on Digital Government
- The Reality of Continuous Monitoring... Is Your Agency Secure?
- Veterans in Private Sector: Making the Transition
Shows & Panels
Government needs more risk management across cyber supply chain, report says
Wednesday - 2/15/2012, 10:33am EST
Now a collaboration between academia and NIST has produced a plan for supply chain policy.
The University of Maryland has published a report, in collaboration with NIST, on how the government and industry are addressing the cyber supply chain challenge.
"We know that accelerating globalization and outsourcing of both software code and hardware production is presenting tremendous assurance challenges to the government and to the vendor community," said Sandor Boyson, co-director and research professor of supply chain management at the University of Maryland, in an interview with The Federal Drive with Tom Temin.
In their first phase of research, NIST and the university found that nearly half of 200 federal IT vendors surveyed did not have any kind of risk management mechanism in place. The results, Boyson said, were "quite disturbing."
In the past couple of years, industry has increased focus on risk management internally and in acquisition, but Boyson said more focus needs to be dedicated to "enterprise risk management across the supply chain."