Cybersecurity and Supply Chain Risk Management (SCRM) are becoming increasingly important in government contracting, and government agencies are now expecting companies to have documented Cybersecurity and SCRM plans. For this requirement, companies are required to submit a brief summary (seven pages or less) of their cybersecurity and SCRM assessment which describes their actions taken to “identify, manage, and mitigate supply chain and cybersecurity risk.” upcoming GWAC-IDIQ efforts that will require a Cybersecurity and/or SCRM plan include (not exhaustive):
Alliant 3
Solutions for Enterprise-Wide Procurement VI (NASA SEWP)
GSA Ascend
Army TADS Maintenance Program (ATMP 2)
Support Which Implements Fast Transitions (SWIFT) 6
Engineering and Information Technology Support Services (EITSS)
CIO Business Operation Support Services (CBOSS)
One Acquisition for Information Services + (OASIS+)
DLA JETS 2.0
VA Supply Chain Modernization
Common Hardware Systems – 6th Generation (CHS-6)
NextGen Procurement Service Agent – HIV (PSA HIV)
Information Technology Support Services 2 (ITSS 2)
This description should include industry certifications that substantiate this assessment [ISO 9001:2015 is an example]. Further, companies need to explain how they are minimizing supply chain risk for any hardware, software, embedded components, or information systems they may use. Also, companies need to explain how they will maintain cybersecurity and SCRM processes when they provide IT services for federal agencies.
Silver Bundle
C-SCRM Gold Bundle includes:
- Writers Guide, Tools and Resources
- SCRM Template for products and Value Added Reseller(s)
- SCRM Template for Service Providers (short version)
- Opening Paragraph Supplement (additional paragraphs that start the SCRM narrative and customize the content)
Gold Bundle
C-SCRM Gold Bundle includes:
- All Materials included in Gold Bundle
- SCRM Template for Service Providers (long version)
Platinum Bundle
C-SCRM Platinum Bundle includes:
- All Materials included in Gold Bundle
- Up to five (5) hours of direct consulting support via RWCO consultants.