Skip to Content


Notice of Public Meeting Concerning the General Services Administration's Request for Information on Business Due Diligence

Document Details

Information about this document as published in the Federal Register.

Enhanced Content

Relevant information about this document from provides additional context. This information is not part of the official Federal Register document.

Published Document

This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.

Start Preamble


Office of Information Integrity, and Access; Office of Government-wide Policy; General Services Administration.


Notice of public meeting.


The purpose of this public meeting is to present information related to the government's analysis of responses to the General Services Administration's (GSA) Request for Information (RFI) on Business Due Diligence for Acquisition Involving Government Information or Information Systems, dated December 12, 2014. The meeting will focus on the problem of supply chain security, potential solution(s), and a path forward to initializing operation of the solution(s).


The meeting will be held on Tuesday, June 2, 2015 from 11:30 a.m. to 3 p.m., Eastern Standard Time, during the Software Supply Chain Assurance (SSCA) Working Groups (WGs) at MITRE. Online registration for the SSCA WGs is at​ssca/​. Comments are due no later than Friday, May 29, 2015.


Meeting Location: MITRE-1, 7525 Colshire Drive, McLean, VA 22102. If interested in speaking at the meeting, please submit a request to speak (for a maximum of five minutes during the public session) and cite Notice-ME-2015-01, in all correspondence related to this case. Submit comments in response to Notice—ME-2015-01 by any of the following methods:

  • Submit comments via the Federal eRulemaking portal by searching for “Notice-ME-2015-01”. Select the link “Comment Now” that corresponds with “Notice—ME-2015-01” and follow the instructions provided on the screen. Please include your name, company name (if any), and “Notice—ME-2015-01” on your attached document.
  • Mail: General Services Administration, Office of Government-Wide Policy (ME), ATTN: Ms. Rowan Ha/Notice—ME-2015-01, 1800 F Street NW., Washington, DC 20405-0001.

Instructions: Please submit comments only and cite Notice—ME-2015-01 in all correspondence related to this case. All comments received will be posted without change to, including any personal and/or business confidential information provided.

Start Further Info


Ms. Rowan Ha, Cybersecurity Specialist, GSA Office of Government-wide Policy, at 202-219-1270, or

End Further Info End Preamble Start Supplemental Information


Federal Agencies continue to express concerns about potential risks in the products, services, and solutions they purchase. These concerns extend to all purchased items that connect in any way to a government information system and/or which contain, transmit, or process information provided by or generated for the government to support the operations and assets of a Federal agency.

Federal Agencies need better visibility into, and understanding of, how the products, services, and solutions they buy are developed, integrated, and deployed. Agencies are also interested in strengthening confidence in the processes, procedures, and practices used to improve the integrity, security, resilience, and quality of those products and services.

GSA is collaborating with its customer agencies and other stakeholders to establish a common set of risk indicators that can be used as the baseline for business due diligence research. This common core of risk indicators and risk research methodologies will be complementary to, and not a replacement for, existing government supply chain risk management activities.

Following a period of research and development to analyze and validate risk assessment processes, GSA intends to use a consensus set of common risk indicators from government and industry to enhance its current risk assessment processes. It is anticipated that the business due diligence information obtained will be used by the Federal acquisition, grant, and oversight communities to support Start Printed Page 30682government risk assessments. Selection of contractors about which information may be collected during the assessment process will be a risk-based decision made at the discretion of a participating agency.

Definition: Information system in this notice means a discrete set of information resources organized expressly for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information. Information systems also include specialized systems such as industrial or process controls systems, telephone switching or private branch exchange (PBX) systems, and environmental control systems (see, National Institute of Standards and Technology Special Publication 800-53 Rev. 4). Links to relevant documents can be found at: Business Due Diligence RFI:​index?​s=​opportunity&​mode=​form&​id=​230732591f542b7da9b9fc3e6c167eec&​tab=​core&​_​cview=​0;​ Executive Order 13636, Improving Critical Infrastructure Cybersecurity:​portal/​content/​176547.

Start Signature

Dated: May 21, 2015.

Giancarlo Brizzi,

Acting Associate Administrator, Office of Government-wide Policy, General Services Administration.

End Signature End Supplemental Information

[FR Doc. 2015-13016 Filed 5-28-15; 8:45 am]