GAO Issues ‘Wake-Up Call’ Report on Agencies’ Lax Supply Chain Security Management

NextGov: Days after news that sophisticated hackers exploited a flaw in the SolarWinds Orion software to breach a major security company and victimized several federal agencies, the Government Accountability Office made public a major audit showing federal civilian agencies are failing to manage risks in the information and communication technologies supply chain.

Though GAO finished its audit several months ago, the timing of the release of the public version—which GAO shared Tuesday—underscored the audit’s significance: ICT supply chains are targets for adversaries, and without implementing “foundational” supply chain risk management, or SCRM, practices, agencies risk exploitation.
