Passed House (10/20/2021)

DHS Software Supply Chain Risk Management Act of 2021

This bill requires the Management Directorate of the Department of Homeland Security (DHS) to issue guidance regarding new and existing contracts relating to the procurement of information and communications technology or services.

The bill requires contractors to submit to DHS a bill of materials, a certification that each item in the bill of materials is free from certain security vulnerabilities or defects affecting the security of the end product or service, a notification of any identified vulnerability or defect, and a plan to mitigate, repair, or resolve any identified vulnerability or defect.

The Government Accountability Office must report to specified congressional committees with (1) a review of this bill's implementation; (2) information regarding DHS engagement with industry; (3) an assessment of how guidance issued pursuant to this bill complies with Executive Order 14208, relating to improving the nation's cybersecurity; and (4) any recommendations related to improving the supply chain for covered contracts.
