MAR 06, 2019 | US
BSA Submits Supply Chain Security Recommendations to Congress
Politico Morning Cybersecurity, March 7, 2019
By Tim Starks
The Pentagon’s supply chain security program should accommodate businesses concerned about “opaque” decisions to ban their products from military networks, the software trade group BSA said Wednesday in a letter to the leaders of the House and Senate Amed Services committees. The most recent defense policy bill gave the Pentagon the authority to put companies on blacklists if their products are deemed insecure or risky, and BSA said that while it understood the need for these “potent tools,” there was “a risk that such opaque processes” would encourage foreign governments to make “non-risk management-based protectionist” decisions.
BSA recommended that this blacklist program be amended to require “processes to, absent exceptional circumstances, notify vendors excluded from a competition of their exclusion and the reasons for it and to ensure a viable means of protesting or appealing the exclusion decision.” The letter also made recommendations about supply chain research, vendor contract language, and relying on industry standards. And it encouraged Congress to direct the Pentagon to buy commercial off-the-shelf software wherever appropriate.
Original Posting: https://www.politico.com/newsletters/morning-cybersecurity/2019/03/07/next-up-at-rsa-election-security-dhs-and-nsa-536861
ABOUT BSA
The Business Software Alliance (www.bsa.org) is the global trade association of the enterprise software industry, representing companies that are leaders in artificial intelligence, cybersecurity, cloud computing, and other cutting-edge technologies. We work in over 20 markets in the US, Europe, and Asia, advocating for policies that build trust in technology so that every industry sector and the public can benefit from innovation. BSA also supports its members and their customers by raising awareness of the risks of unlicensed software use and the benefits of software asset management, driving license compliance and software adoption around the world through sound IT procurement.