
Define a Supply Chain Risk Management strategy to drive the development and implementation of policies and procedures for:
a. How supply chain risks are to be managed across the agency;
b. How monitoring of external providers' compliance with defined cybersecurity and supply chain requirements;
c. How counterfeit components are prevented from entering the DNFSB supply chain.

Questioned Costs
$0
Funds for Better Use
$0
Recommendation Status
Closed
Source UUID
250c7085-8542-40a5-89ef-85a43e852d74-4
Recommendation Number
4
Additional Information
Agency Response Dated June 2, 2025: DNFSB has developed policies and procedures that demonstrate supply chain risks are managed across the agency, monitoring the compliance of external providers with defined cybersecurity and supply chain requirements, and counterfeit components are prevented from entering the agency’s supply chain. DNFSB identified completion and approval of its SCRM Plan and SCRM Operating Procedure, on March 21, 2025, and May 1, 2025, respectively. Key supporting documentation was provided to the Auditor. DNFSB requests closure of this recommendation, based on the status update and documentation provided.
OIG Analysis: During the fieldwork phase of the Audit of the DNFSB’s Implementation of the Federal Information Security Modernization Act of 2014 (FISMA) for Fiscal Year 2025, the OIG and its contractors had a discussion with the DNFSB on its prior years’ outstanding FISMA recommendations. The OIG inspected the SCRM Plan and SCRM Operating procedures identifying that the DNFSB has developed policies and procedures that demonstrate supply chain risks are managed across the agency, monitoring the compliance of external providers with defined cybersecurity and supply chain requirements, and counterfeit components are prevented from entering the agency’s supply chain. The agency’s corrective actions appear reasonable and meet the intent of the recommendation. This recommendation is now closed.

March 31, 2025: OIG Analysis: The DNFSB did not provide an updated response for this recommendation.
On September 20, 2023, the agency provided the following response:
Supply Chain Risk will be addressed in an upcoming Supply Chain Risk Management Program Operating Procedure. The estimated completion is Q4 FY 2023.
The OIG will verify if corrective actions have been taken by the DNFSB to address this recommendation during its FY25 Federal Information Security Modernization Act of 2014 (FISMA) audit. Status: Open: Resolved.

Significant Recommendation
Yes