Cybersecurity and Supply Chain Risk Management (SCRM) are becoming increasingly important in government contracting, and government agencies now expect companies to have documented Cybersecurity and SCRM plans. For this requirement, companies must submit a brief summary (seven pages or less) of their cybersecurity and SCRM assessment that describes the actions they have taken to “identify, manage, and mitigate supply chain and cybersecurity risk.” Upcoming GWAC-IDIQ efforts that will require a Cybersecurity and/or SCRM plan include (not exhaustive):

Alliant 3

Solutions for Enterprise-Wide Procurement VI (NASA SEWP)

GSA Ascend

Army TADS Maintenance Program (ATMP 2)

Support Which Implements Fast Transitions (SWIFT) 6

Engineering and Information Technology Support Services (EITSS)

CIO Business Operation Support Services (CBOSS) 

One Acquisition for Information Services + (OASIS+)

DLA JETS 2.0

VA Supply Chain Modernization 

Common Hardware Systems – 6th Generation (CHS-6)

NextGen Procurement Service Agent – HIV (PSA HIV)

Information Technology Support Services 2 (ITSS 2)

This description should include industry certifications that substantiate this assessment [ISO 9001:2015 is an example]. Further, companies need to explain how they are minimizing supply chain risk for any hardware, software, embedded components, or information systems they may use. Also, companies need to explain how they will maintain cybersecurity and SCRM processes when they provide IT services for federal agencies.
