Supply-Chain Security
FIRS refers matters to, and works closely with, interagency partners to address national-security risks from foreign-sourced technology, services, software, and equipment, and their underlying global supply chains, across a range of authorities, including the following:
- Executive Order 13873 of May 19, 2019 (Securing the Information and Communications Technology and Services Supply Chain), which delegates authority to the Secretary of Commerce to address national-security threats to information and communications technology and services (ICTS) supply chains
- Executive Order 14034 of June 9, 2021 (Protecting Americans' Sensitive Data From Foreign Adversaries), which identifies factors that the Secretary of Commerce may consider in evaluating the risks of connected-software applications under the Executive Order 13873 framework
- the FCC’s Covered List (established by the Secure and Trusted Communications Networks Act of 2020), which directs the FCC to publish and maintain a list of “covered communications equipment or services” that pose an unacceptable risk to national security or the safety and security of U.S. persons
- the Federal Acquisition Security Council (established by the Federal Acquisition Supply Chain Security Act of 2018), an interagency body chaired by the Director of the Office of Management and Budget to evaluate and share information about supply-chain risk to federal IT systems
- Section 889 of the FY2019 National Defense Authorization Act, which generally prohibits federal agencies, contractors, and grant and loan recipients from procuring or using certain covered telecommunications equipment and services, including video-surveillance technology, provided by Huawei, ZTE, Hytera Communications, Hangzhou Hikvision Technology, Dahua Technology, and other companies
- Economic and trade sanctions programs administered by the Department of the Treasury’s Office of Foreign Assets Control
- Export controls administered by the Department of Commerce’s Bureau of Industry and Security
- Executive Order 14028 of May 12, 2021 (Improving the Nation’s Cybersecurity)
- advisory groups such as the FCC’s Communications Security, Reliability, and Interoperability Council and the Cybersecurity Forum of Independent and Executive Branch Regulators
Updated September 20, 2023