关键词：通信；管理实践；信息系统；风险管理；供应链；信息和通信技术
摘 要：Federal agency information systems are increasingly at risk of both intentional and unintentional supply chain compromise due to the growing sophistication of ICT and the growing speed and scale of a complex, distributed global supply chain. Federal departments and agencies currently have neither a consistent nor comprehensive way of understanding the often opaque processes and practices used to create and deliver the hardware and software products and services that it procures. This lack of understanding, visibility, traceability, and control increases the challenges associated with managing the risk of exploitation through a variety of means including counterfeit materials, malicious software, or untrustworthy products. Overall, it makes it increasingly difficult for federal departments and agencies to understand their exposure and manage the associated supply chain risks. Currently, federal departments and agencies and many private sector integrators and suppliers use varied and nonstandard practices, exacerbating the challenge.