OIG: DOJ Cyber Supply Chain Risk Management Program Lacking
DOJ’s Justice Management Division lacks staff to effectively manage its cyber supply chain risk management (C-SCRM) program, the Office of Inspector General reported Thursday. Lack of “personnel resources” resulted in “widespread noncompliance, outdated guidance, inadequate threat assessments, and insufficient mitigation…
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
and monitoring actions,” OIG said. The division needs to “provide communication, outreach, and training to Department components and develop procedures to periodically assess their efforts,” OIG concluded. The FBI’s C-SCRM program is “more modern,” but millions of dollars in IT goods might not have gotten proper inspection based on cyber requirements, OIG said. The office recommended the Drug Enforcement Administration develop its own C-SCRM program, as required by an intelligence community directive.