Final Rule on Supply Chain Risk Fails to Provide Additional Guidance, Protection, or Relief from Uncertain Application
Client Alert | 1 min read | 11.02.15
On October 30, DoD published a final rule (a) requiring evaluation of supply chain risk when acquiring information technology that is either a covered National Security System ("NSS"), part of a covered NSS, or in support of a covered NSS; and (b) authorizing DoD to exclude primes or subs from a particular procurement if they fail to mitigate identified supply chain risks adequately. DoD made relatively modest changes to the 2013 interim rule (e.g., removing the flow-down requirement applicable to subs at any tier) but largely rejected industry input (e.g., declining to identify specific standards or controls to mitigate supply chain risk and declining to create a mechanism for challenging exclusion from a particular source selection).

