The National Aeronautics and Space Administration (NASA) Solutions for Enterprise-Wide Procurement (SEWP) recently published a Supply Chain Risk Management (SCRM) white paper to assist federal agencies in their efforts to secure the Information and Communication Technology (ICT) and Audio Visual (AV) assets that enter the government’s federal infrastructure. The OTTPS-NIST Standards Crosswalk white paper analyzes, for the first time, the intersections and crossovers between The Open Trusted Technology Provider™ Standard (OTTPS) ISO 20243 & National Institute of Standards and Technology (NIST) 800-161 policies, practices, procedures, and recommendations. The white paper, SEWP OTTPS-NIST Supply Chain White Paper, is now available on the NASA SEWP website.
NASA SEWP has been working on SCRM for over 20 years while simultaneously maintaining a buying platform that every federal agency has used to procure their Information and Communications Technology (ICT) and Audio Visual (AV) asset needs. As members of The Open Group, an international standards consortium, NASA, through the SEWP Program, teamed with the Department of Defense and major Industry companies to develop the first ISO standard dedicated to SCRM. NASA SEWP continues to be a strong advocate for addressing SCRM issues through internal procedures and external collaborations.
As a member of the Federal Government acquisition community serving federal technology buyers, the Program brought together a team of SCRM Subject Matter Experts to provide clarity to the various public and private SCRM related activities. The goal was to identify actionable efforts that agency personnel can take into account for SCRM within their processes, workflows, and requirements. A key result of this effort is the SEWP OTTPS-NIST Supply Chain White Paper.
The document guides federal buyers about the use of existing commercial standards in support of the recommended policies and procedures in NIST SCRM documentation. The exercise of mapping the ISO 20243 standard and the applicable federal standards and recommended practices, including NIST 800-161, NIST IR 7622, DOD 5000.90, and NIST 800-161rev.1, produced strong correlations between these efforts, particularly in the area of reducing counterfeiting and malicious tainting within the IT supply chain.
“NASA SEWP strives to provide a greater understanding of the supply chain risk management process, and reduce the confusion surrounding this critical issue.” Program Director Joanne Woytek said. “There are more opportunities to create greater clarity and guidance for what buyers of high-impact systems need to account for from a cyber and supplier perspective, and we hope this analysis provides a step in that direction."
"Our team of Subject Matter Experts accepted the challenge of documenting the crosswalk between these vital standards that can assist in to securing the assets contained and transferred within the Federal infrastructure," Woytek added. "The success we have enjoyed for decades was built in part by our expertise in this area, and I believe this effort will benefit our contract holders and agency buyers responsible for navigating an ever-changing federal IT acquisition world."
About SEWP
NASA Solutions for Enterprise-Wide Procurement (SEWP) is a multi-award Government-Wide Acquisition Contract (GWAC) vehicle focused on ICT (Information and Communication Technology) and Audio/Visual products and services. Information is available at www.sewp.nasa.gov. If you would like more information about this topic, please contact SEWP PMO Office at 301-614-1478 or email at help@sewp.nasa.gov.
About The Open Group
The Open Group is a global consortium that enables the achievement of business objectives through technology standards. Our diverse membership of more than 800 organizations includes customers, systems and solutions suppliers, tool vendors, integrators, academics, and consultants across multiple industries.