Final Rule on Supply Chain Risk Fails to Provide Additional Guidance, Protection, or Relief from Uncertain Application
Client Alert | 1 min read | 11.02.15
On October 30, DoD published a final rule (a) requiring evaluation of supply chain risk when acquiring information technology that is either a covered National Security System ("NSS"), part of a covered NSS, or in support of a covered NSS; and (b) authorizing DoD to exclude primes or subs from a particular procurement if they fail to mitigate identified supply chain risks adequately. DoD made relatively modest changes to the 2013 interim rule (e.g., removing the flow-down requirement applicable to subs at any tier) but largely rejected industry input (e.g., declining to identify specific standards or controls to mitigate supply chain risk and declining to create a mechanism for challenging exclusion from a particular source selection).
Contacts
Partner, Crowell Global Advisors Senior Director
- Washington, D.C.
- D | +1.202.624.2698
- Washington, D.C. (CGA)
- D | +1 202.624.2500
Insights
Client Alert | 2 min read | 02.18.26
DHS Announces Virtual Town Halls on CIRCIA Final Rule
On February 13, 2026, the U.S. Department of Homeland Security (DHS) announced upcoming virtual town hall meetings scheduled for March 2026 regarding the implementation of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). The meetings will allow industry stakeholders to provide input to DHS to refine the “scope and burden” of the forthcoming CIRCIA final rule.
Client Alert | 6 min read | 02.18.26
The CeramTec Case, or How to (not) Navigate the Patent to Trademark Transition
Client Alert | 4 min read | 02.17.26
Texas Federal Court Hands Cyber Policyholders Major Win in Southwest Airlines Coverage Dispute
Client Alert | 3 min read | 02.13.26
