OIG: DOJ Cyber Supply Chain Risk Management Program Lacking
DOJ’s Justice Management Division lacks staff to effectively manage its cyber supply chain risk management (C-SCRM) program, the Office of Inspector General reported Thursday. Lack of “personnel resources” resulted in “widespread noncompliance, outdated guidance, inadequate threat assessments, and insufficient mitigation…
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
and monitoring actions,” OIG said. The division needs to “provide communication, outreach, and training to Department components and develop procedures to periodically assess their efforts,” OIG concluded. The FBI’s C-SCRM program is “more modern,” but millions of dollars in IT goods might not have gotten proper inspection based on cyber requirements, OIG said. The office recommended the Drug Enforcement Administration develop its own C-SCRM program, as required by an intelligence community directive.