GovernmentCIO: New DHS CIO Tackles Supply Chain Risk Management, Interoperability

“The Department of Homeland Security is in the process of setting up a supply chain risk management office to report to the chief information security officer, DHS CIO Eric Hysen told GovernmentCIO Media & Research…”

“Some potential priorities of the new office could be to incorporate a ‘software bill of materials’ to keep track of every single piece of software in a supply chain. The idea of an SBOM is gaining traction in federal IT and cybersecurity conversations.

An SBOM is especially attractive to DHS, Hysen said, because ‘there are not a lot of standards’ for critically assessing software vendors.

‘As we look at specifically addressing the SolarWinds breach, we’re looking at better evaluating the security of off-the-shelf software and using on our network or giving access to our data,’ Hysen told GovernmentCIO Media & Research. ‘This is a relatively new area and one we’re looking to be an aggressive early adopter in.’…”

“Hysen is also interested in a DHS-tailored version of the Defense Department’s Cybersecurity Maturity Model Certification standards, but wants to be mindful of the effect these types of standards could have on small, minority-owned, and women-owned businesses, some of which he said have some of the most innovative and modern cybersecurity practices…”

“One of the first initiatives Hysen launched when he assumed the CIO role in February was the Zero Trust Action Group to share best practices for implementing a zero trust approach to cybersecurity across DHS components.

‘Thankfully zero trust is something DHS has been working on for quite a while … it’s a fundamental rethinking of our approach to cybersecurity,’ Hysen said. ‘We’re moving from this outdated criminal defense model where if we have the right defenses at the edge of our network, we don’t have to be concerned about what goes on inside. We consistently see from sophisticated breaches that’s not how our adversaries work.’…”

Source: New DHS CIO Tackles Supply Chain Risk Management, Interoperability – By Kate Macri, July 14, 2021. GovernmentCIO.


This topic contains 0 replies, has 1 voice, and was last updated by  Jackie Gilbert 2 months, 1 week ago.
