Fandom

The IT Law Wiki

IT Supply Chain: National Security-Related Agencies Need to Better Address Risks

32,167pages on
this wiki
Add New Page
Talk0 Share

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.

Citation Edit

Government Accountability Office, IT Supply Chain: National Security-Related Agencies Need to Better Address Risks (GAO-12-361) (Mar. 23, 2012) (full-text).

Overview Edit

The GAO was asked to identify (1) the key risks associated with the IT supply chains used by federal agencies; (2) the extent to which selected national security-related departments have addressed such risks; and (3) the extent to which those departments have determined that their telecommunication networks contain foreign-developed equipment, software, or services.

The GAO found that reliance on a global supply chain introduces multiple risks to federal information systems. These risks include threats posed by actors — such as foreign intelligence services or counterfeiters — who may exploit vulnerabilities in the supply chain. This in turn can adversely affect an agency's ability to effectively carry out its mission.

IT supply chain-related threats can be introduced in the manufacturing, assembly, and distribution of hardware, software, and services. Moreover, these threats can appear at each phase of the system development life cycle, when an agency initiates, develops, implements, maintains, and disposes of an information system. As a result, the compromise of an agency's IT supply chain can degrade the confidentiality, integrity, and availability of its critical and sensitive networks, IT-enabled equipment, and data.

Also on Fandom

Random Wiki