Report | June 11, 2018

Project Announcement: Audit of the Nuclear Command and Control System Supply Chain Security Risk Management Efforts (Project No. D2018-D000AG-0158.000)

We plan to begin the subject audit in June 2018. This audit is in response to a congressional reporting requirement contained in House Report 114-537, to accompany the National Defense Authorization Act for Fiscal Year 2017. Our objective is to determine whether DoD's supply chain risk management program has mitigated the risk that an adversary could infiltrate the DoD supply chain and sabotage, maliciously introduce an unwanted function, or otherwise compromise the design or integrity of the critical hardware, software, and firmware for one or more critical networks or systems that comprise the Nuclear Command and Control System. This will be the third in a series of audits on DoD Strategic Capabilities Supply Chain Risk Management.