Supply Chain Illumination RFI

Background
The Federal Bureau of Investigation (FBI) is seeking industry input through this Request for Information (RFI) regarding commercially available technologies that can support an enterprise Supply Chain Risk Management (SCRM) capability.

The goal is to illuminate information and communication technology (ICT) products, software, and services to identify threats, risks, and vulnerabilities in the supply chain. The FBI's Supply Chain Risk Management Unit (SCRMU), under the Office of the Chief Information Officer (OCIO), is responsible for managing SCRM associated with procurement and lifecycle management of IT systems and services. Current processes are manual and lack structured data or centralized visibility for effective risk assessments.

Work Details
The FBI requires SCRM illumination tools that provide detailed insights including: micro component traceability, software bill of materials (SBOM) breakdowns, supply chain relationship mapping, and reliable product and vendor information.

The RFI outlines preliminary requirements that may assist in formulating final requirements and identifying qualified vendors. The FBI's SCRM program adheres to federal regulations such as NIST SP 800-161 and NIST SP 800-53, which mandate a systematic approach to managing cybersecurity risks throughout the supply chain. This includes vetting prior to purchase and continuous monitoring post-integration into the IT enterprise. Additional federal requirements include various acts and executive orders aimed at enhancing cybersecurity measures within the supply chain.

Place of Performance
The geographic location for performance is not explicitly stated in the RFI.