This interview with Theresa Kinney, Deputy Program Manager and Director for Operations and Communications with NASA SEWP looks at the impetus behind Crosswalk; the Supply Chain Risk Management (SCRM) challenge; an upcoming event; and what Government and industry need to know to move forward.
Origins
SEWP has been a member of the Open Group since its beginnings 25 years ago and on a shared journey to develop standards. The OTTPS-NIST Standards Crosswalk white paper analyzes, for the first time, the intersections and crossovers between The Open Trusted Technology Provider™ Standard (OTTPS) ISO 20243 & National Institute of Standards and Technology (NIST) 800-161 policies, practices, procedures, and recommendations, mapping specifics questions to recommendations and identifying recommendations aimed at specific purposes.
Misconceptions
There are a lot of misconnections with respect to procurement and where a lot of these new requirements are coming down and how they fit together. Supply Chain Risk Management is not cSCRM but to some degree the two may be used interchangeably. As a supply chain manager, this should be utilized as part of our overall cyber hygiene.
Crosswalk also answers the question of whether commercial requirements can meet NIST requirements and in fact, this does appear to be the case. As industry has the luxury of evolving and moving ahead without the same degree of regulations that may bind Government, these industry solutions become good jumping off points to forward motion in the Federal space.
Who Benefits?
This effort has wide ranging benefits to include Open Group which holds the ISO standard to be considered and NIST, because this validates the use of those commercial standards.
More importantly, this effort benefits the contracting officer, buying commands and those developing information and communication solutions since it answers needed questions that will ensure better contract award decisions. It is known that within Federal agencies there can be a disconnect between the technology and procurements sides and this supports procurement in allowing them to understand, validate and justify their risk-related decision.
Government and industry all benefit from this focused supply chain risk conversation. From the efforts of DOD to secure the defense industry base, current cyber requirements and the Executive Order around the national supply chain, this focus on understanding the operational usage of commercial standards and Federal regulations brings together information security, risk management, supply chain and identity management into a cohesive unit, addressing some of the challenges in communication.
Positioning for the Future
Through this part of the Federal supply chain conversation, we are working to complement the efforts of our Federal colleagues, including those Government-wide initiatives. Using our expertise to help both buyers and sellers. This program goes above and beyond, using data already baked into our systems but taking it above and beyond to ensure procurement has the right tools to make the best possible decisions.
We will continue to seek input from Government and industry and look for ways to make buying and selling as easy as possible, while accounting for supply chain risk management best practices.
Partners in Intel
For the Crosswalk effort, we solicited the assistance of ATARC, looking to leverage the knowledge of its SMEs in supply chain and cSCRM. This collaboration and brainstorming effort brought together industry and Federal agencies, including DOD and CISA, to discuss the impact across the board from the Government and industry sides.
NASA SEWP SCRM Virtual Forum
Later this month, we are involved in a forum event that will include Joanne Woytek, Program Manager from NASA SEWP and Renee Wynn, Former Chief Information Officer from NASA that will focus on this topic. Various panels will discuss the interplay between the standards and the requirements and will offer the opportunity for clarification and deeper insight.
This event can benefit anyone open to implementing best practices that can support agencies moving forward, and anyone that is interested in supply chain risk from a Government, or industry view. This focused program can increase subject matter understanding and some of the activities being undertaken to solve this complex challenge.
Supply chain risk is complex and all of the questions will not be answered quickly or through one conversation, however by developing relationships, we open the doors to many conversations to come, conversations with those with special skills and knowledge and varied perspectives that will help compose more effective solutions to what will be an ongoing and evolving challenge.
Advice to Industry and Government
This and all future efforts will hinge on efforts that are already in play including category management. Success moving ahead will fall on data you have at your disposal and that you develop. Are you capturing information that can immediately be accessed? Do you know what you bought and when? Do you have a complete inventory of IT assets? These are all incredibly critical questions but questions not all companies or agencies can answer.
We have no way of knowing with certainty what we will need in the future. What we are pioneering now are best practices that will meet current needs and be able to respond to legislative changes, Administrative initiatives and future challenges.
About Theresa Kinney
Ms. Theresa Kinney is a Deputy Program Manager/Director for Operations of the NASA SEWP Program Office. Ms. Kinney manages the strategic direction, planning, and day-to-day operations of SEWP – a premier Government-Wide Acquisition Contract (GWAC) providing Federal Agencies access to the latest in Information & Communication Technology solutions. Ms. Kinney is a 20+ year veteran to Goddard Space Flight Center (GSFC) in Greenbelt, Maryland. In this capacity, she is the Contracting Officer Representative (COR) for the SEWP Program and NASA Goddard Space Flight Center.
