Susan Cassidy is quoted in Inside Cybersecurity regarding new rules and procedures around the operations of the Federal Acquisition Security Council. Ms. Cassidy says, “The FASC has a tremendous amount of discretion on how they can collect information internally, through contractors and from nonfederal entities. It is unclear to me how broadly that information can be shared within government and some of the limitations on when it can be shared with contractors.”
She adds that the FASC will have a “tremendous amount of discretion over what information to disclose as the basis for their decisions,” which in turn could impact how companies are able to submit appeals to their orders.
The FASC should look to supply chain risk management regulations set up by the Defense Department and Director of National Intelligence as models for how the council should operate, she adds.
“We have seen DOD and IC show a willingness to help companies fix things. If the government sees the FSAC as a way to effectuate change and address the concerns that they have on supply chain risk, this is could be useful process. If it is used as a means to just exclude companies without giving them meaningful ability to correct their concerns FASC will be a less effective measure,” she says.