GSA C-SCRM Assurance RFI and Questionnaire

[Boyens, Jon M. (Fed)]

 

On behalf of GSA, please see below…..

 

The General Services Administration (GSA) Federal Acquisition Service (FAS) Office of Information Technology Category (ITC) is exploring the viability and feasibility of utilizing a voluntary comprehensive Cyber Supply Chain Risk Management (C-SCRM) assurance questionnaire for vendors offering Information and Communication Technology (ICT) products and/or services solutions in the GSA federal IT marketplace. The Federal Acquisition Supply Chain Security Act (FASCSA) of 2018 (part of the SECURE Technology Act of 2018) requires all agencies to assess, avoid, mitigate, accept, or transfer supply chain risks (41 USC 1326(a)(1)). A challenge for federal agencies is to identify critical risk and also use supplier C-SCRI to mitigate risk. 

The information sought through the RFI will provide input to improve the developed questionnaire with an objective outcome to make the process more efficient for GSA vendors. Your feedback will also help ensure GSA gathers pertinent information from our industry and government partners to develop a C-SCRM Questionnaire portal and make the C-SCRI provided through the questionnaire available to customer agencies for them to make informed and risk-based decisions.

 

The RFI can be found here: https://feedback.gsa.gov/WRQualtricsSurveyEngine/File.php?F=F_805tnUQQdoCbw2i&download=1

 

The questionnaire can be found directly here: https://feedback.gsa.gov/CP/File.php?F=F_d5681Bcdhyr2XlQ

 

The online form is here: https://feedback.gsa.gov/jfe/form/SV_ensD8H1R92nHS7k?Q_DL=ecifitP45JpHjFN_ensD8H1R92nHS7k_CGC_uxsH4RVbkZ9P2Ee&Q_CHL=email%20RE:%20State%20%E2%80%93%20always%20interested

[Boyens, Jon M. (Fed)]

I received a few comments that the online questionnaire associated with the RFI was difficult to view and was not downloadable to enable organizations to coordinate comments. GSA has kindly provided the attached .pdf for ease of use.