OMB tees up supply chain regs

By julia.m shutterstock ID: 779956477 

The Office of Management and Budget has released an interim regulation outlining the interagency process that will allow agencies to bar companies from federal contracting when they constitute a supply chain security risk.

The rule, authorized by the the Federal Acquisition Supply Chain Security Act of 2018, offers a number of pathways to request excluding a particular vendor from contracting with the federal government. Individual member agencies or the full Federal Acquisition Security Council can make a recommendation, outside agencies or governmental bodies can submit a written request, or the council can consider tips from "any individual or non-federal entity that the FASC determines to be credible."

The council must then conduct "due diligence" to determine if the risks are valid, including "ensuring to the extent possible, that the information is credible or that the level of confidence in the information is appropriately taken into consideration," examining "other relevant publicly available information as necessary and appropriate" and consulting with the National Institute for Standards and Technology to ensure such exclusion is in line with federal guidelines and standards.

After that, the council can make a recommendation to the Director of National Intelligence or Secretaries of Homeland Security or Defense, who will ultimately decide whether to issue an exclusion order barring that company or product from future federal contracts. They must also give notice to the supplier that they are being recommended for exclusion and offer an opportunity to clarify or rebut any credible claims that they their product or relationship with a foreign government poses a supply chain risk.

"This due process procedure is intended to provide the named source(s) with the information needed for the source(s) to respond to the recommendation," the rule states.

Even if the council opts not to recommend exclusion, they may still share the information they received with others under certain circumstances.

The FASC is made up of representatives from across government and was designed to formalize the sort of ad-hoc decision-making that led to the banning of vendors like Kaspersky Labs, Huawei and ZTE from federal procurement channels, on the logic that they are too closely tied to adversarial foreign governments. Such connections, U.S. officials argue, represent an unacceptable risk of espionage through backdoors placed in their products or by the companies routing data to home countries where foreign laws may make it easier to access them. All three companies have vigorously denied charges that they spy or facilitate spying on behalf of foreign governments.

One thing the rule doesn't address is legal liability for private companies who share information about possible supply chain threats. A working group under the Supply Chain Task Force has determined that private companies seeking to pass along tips or suspicious behaviors in the supply chain space could face lawsuits for defamation or interfering with a contract if the information doesn't pan out. While federal officials want to take advantage of such tips, broad liability protections could also create an incentive for false reporting or bad faith accusations about competitors.

The comment period on the rule closes Nov. 2.

About the Author

Derek B. Johnson is a former senior staff writer at FCW.


  • IT Modernization
    shutterstock image By enzozo; photo ID: 319763930

    OMB provides key guidance for TMF proposals amid surge in submissions

    Deputy Federal CIO Maria Roat details what makes for a winning Technology Modernization Fund proposal as agencies continue to submit major IT projects for potential funding.

  • gears and money (zaozaa19/

    Worries from a Democrat about the Biden administration and federal procurement

    Steve Kelman is concerned that the push for more spending with small disadvantaged businesses will detract from the goal of getting the best deal for agencies and taxpayers.

Stay Connected