The U.S. Federal Acquisition Security Council (FASC) issued an interim final rule implementing aspects of the Federal Acquisition Supply Chain Security Act of 2018 (FASCSA) and establishing the laws governing how the council will share information on supply chain risks and how it will recommend exclusion and removal orders. The interim final rule was published Sept. 1, and the open commenting period extends until Nov. 2.
The FASCSA was signed into law Dec. 21, 2018, and established the FASC, an interagency council that is chaired by a senior-level official from the Office of Management and Budget and includes representatives from the Department of Homeland Security, the Office of the Director of National Intelligence, the Department of Justice, the Department of Defense and the Department of Commerce.
The FASCSA and FASC together are a major pillar of the United States federal government’s drive to secure information and technology supply chains and create a government-wide information sharing process on supply chain risks. The drive to do this focuses primarily on the information technology (IT) industry and IT-related supply chains—through cybersecurity efforts such as the Cybersecurity Maturity Model Certification and various efforts to freeze out Chinese tech companies that are allegedly engaged in cyberespionage.