[Federal Register Volume 80, Number 103 (Friday, May 29, 2015)]
[Notices]
[Pages 30681-30682]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2015-13016]


=======================================================================
-----------------------------------------------------------------------

GENERAL SERVICES ADMINISTRATION

[Notice-ME-2015-01; Docket No: 2015-0002; Sequence No. 15]


Notice of Public Meeting Concerning the General Services 
Administration's Request for Information on Business Due Diligence

AGENCY: Office of Information, Integrity, and Access; Office of 
Government-wide Policy; General Services Administration.

ACTION: Notice of public meeting.

-----------------------------------------------------------------------

SUMMARY: The purpose of this public meeting is to present information 
related to the government's analysis of responses to the General 
Services Administration's (GSA) Request for Information (RFI) on 
Business Due Diligence for Acquisition Involving Government Information 
or Information Systems, dated December 12, 2014. The meeting will focus 
on the problem of supply chain security, potential solution(s), and a 
path forward to initializing operation of the solution(s).

DATES: The meeting will be held on Tuesday, June 2, 2015 from 11:30 
a.m. to 3 p.m., Eastern Standard Time, during the Software Supply Chain 
Assurance (SSCA) Working Groups (WGs) at MITRE. Online registration for 
the SSCA WGs is at https://register.mitre.org/ssca/. Comments are due 
no later than Friday, May 29, 2015.

ADDRESSES: Meeting Location: MITRE-1, 7525 Colshire Drive, McLean, VA 
22102. If interested in speaking at the meeting, please submit a 
request to speak (for a maximum of five minutes during the public 
session) and cite Notice-ME-2015-01 in all correspondence related to 
this case. Submit comments in response to Notice-ME-2015-01 by any of 
the following methods:
     Regulations.gov: http://www.regulations.gov. Submit 
comments via the Federal eRulemaking portal by searching for 
``Notice-ME-2015-01''. Select the link ``Comment Now'' that corresponds 
with ``Notice-ME-2015-01'' and follow the instructions provided on the 
screen. Please include your name, company name (if any), and 
``Notice-ME-2015-01'' on your attached document.
     Mail: General Services Administration, Office of 
Government-Wide Policy (ME), ATTN: Ms. Rowan Ha/Notice-ME-2015-01, 
1800 F Street NW., Washington, DC 20405-0001.
    Instructions: Please submit comments only and cite 
Notice-ME-2015-01 in all correspondence related to this case. All comments received 
will be posted without change to http://www.regulations.gov, including 
any personal and/or business confidential information provided.

FOR FURTHER INFORMATION CONTACT: Ms. Rowan Ha, Cybersecurity 
Specialist, GSA Office of Government-wide Policy, at 202-219-1270, or 
[email protected].

SUPPLEMENTARY INFORMATION: Federal Agencies continue to express 
concerns about potential risks in the products, services, and solutions 
they purchase. These concerns extend to all purchased items that 
connect in any way to a government information system and/or which 
contain, transmit, or process information provided by or generated for 
the government to support the operations and assets of a Federal 
agency.
    Federal Agencies need better visibility into, and understanding of, 
how the products, services, and solutions they buy are developed, 
integrated, and deployed. Agencies are also interested in strengthening 
confidence in the processes, procedures, and practices used to improve 
the integrity, security, resilience, and quality of those products and 
services.
    GSA is collaborating with its customer agencies and other 
stakeholders to establish a common set of risk indicators that can be 
used as the baseline for business due diligence research. This common 
core of risk indicators and risk research methodologies will be 
complementary to, and not a replacement for, existing government supply 
chain risk management activities.
    Following a period of research and development to analyze and 
validate risk assessment processes, GSA intends to use a consensus set 
of common risk indicators from government and industry to enhance its 
current risk assessment processes. It is anticipated that the business 
due diligence information obtained will be used by the Federal 
acquisition, grant, and oversight communities to support
government risk assessments. Selection of contractors about which 
information may be collected during the assessment process will be a 
risk-based decision made at the discretion of a participating agency.
    Definition: Information system in this notice means a discrete set 
of information resources organized expressly for the collection, 
processing, maintenance, use, sharing, dissemination, or disposition of 
information. Information systems also include specialized systems such 
as industrial or process controls systems, telephone switching or 
private branch exchange (PBX) systems, and environmental control 
systems (see, National Institute of Standards and Technology Special 
Publication 800-53 Rev. 4).
    Links to relevant documents can be found at:
     Business Due Diligence RFI: https://www.fbo.gov/index?s=opportunity&mode=form&id=230732591f542b7da9b9fc3e6c167eec&tab=core&_cview=0
     Executive Order 13636, Improving Critical Infrastructure 
Cybersecurity: http://www.gsa.gov/portal/content/176547

    Dated: May 21, 2015.
Giancarlo Brizzi,
Acting Associate Administrator, Office of Government-wide Policy, 
General Services Administration.
[FR Doc. 2015-13016 Filed 5-28-15; 8:45 am]
 BILLING CODE 6820-14-P