DHS seeks help with IT supply chain

The Department of Homeland Security is looking for a sharable, non-classified resource on cybersecurity risks in the IT supply chain.

With government agencies at all levels dependent on private vendors for technology providers and integrators, the global IT supply chain "is a significant source of risk to the nation," according to an Aug. 17 sources sought notice posted to FedBizOpps.

DHS is seeking a source of "due diligence information" to help federal, state, local, tribal and territorial governments with source selection and contract performance evaluations, audits and investigations and the development of information system authorization. The idea here is for the solution to be non-classified, easily sharable across different levels of government and aligned with existing practices "in the vendor community and insurance industry."

Risk information will cover system lifecycle from design to acquisition to maintenance. The contracting documents suggest that "supply chain threats and vulnerabilities may intentionally or unintentionally compromise an ICT product or service at any stage of the lifecycle."

DHS plans to use responses to its contacting notice to plan the possible acquisition of a supply chain risk assessment capability. Click here to read the full solicitation.