According to Cybersecurity and Infrastructure Security Agency Acting Director Brandon Wales, the government is just weeks away from establishing new security standards for Software vendors. "There's just a lot more that we can do, and I think in the coming weeks, you will see the government roll out some of its initiatives in this area," Wales said at an event Tuesday hosted by the public-private Cyber Initiatives Group. The major tech companies are eagerly awaiting the Biden administration's approach to supply chain security.
"I think it's not necessarily a question of international versus domestic supply chains, but it's a matter of what is the supply chain risk management approach that we're taking to identify potentially problematic vendors or critical products or services that need an enhanced level of scrutiny,"told Wales."That is certainly an area that we are actively working with the Office of Management and Budget on and with other federal agencies to ensure that we put that in place," he said in response to Rosen, who asked whether CISA was planning on extending its binding operational directive on the issue to contractors.
"There's a lot that we need to do through the federal contracting process to ensure that the vendors that are providing IT products and services for the federal government have the appropriate level of cybersecurity in place," he said, noting such action wouldn't necessarily come from a CISA directive.During the hearing, Wales said agencies are working together to ensure consistency in the government's supply chain security approach across the Commerce Department rule.