Publicly Released: September 16, 2021
Objective
We determined the extent to which the U.S. Special Operations Command (USSOCOM) developed and implemented supply chain risk management procedures in accordance with DoD policy to identify, assess, and mitigate risk during the acquisition and development of USSOCOM specialized equipment. Specialized equipment is equipment, material, supplies, and services required for special operations missions for which there is no Military Service common requirement.
Executive Summary
In 2011, the DoD established policies that require DoD organizations authorized to procure materiel, services, and equipment to assess and mitigate threats, vulnerabilities, and disruptions to the DoD supply chain primarily through Program Protection Plans (PPPs). The USSOCOM Commander is authorized to develop and acquire specialized equipment and is required by policy to ensure supply chain security, such as anti‑tampering and cyber, industrial, and information security. We found that USSOCOM supply chain risk management procedures did not comply with DoD policies until November 2020. Specifically, USSOCOM policy did not require USSOCOM program managers to complete PPPs for acquisitions programs, nor did USSOCOM policy require USSOCOM program managers to ensure that contractor‑developed, program protection implementation plans (PPIPs) that address weaknesses identified PPPs were in place. While USSOCOM addressed these policy deficiencies in November 2020, USSOCOM personnel did not develop plans to prioritize and implement these policy requirements for active contracts. USSOCOM agreed with our two recommendations. One recommendation is closed, and the other recommendation is resolved but will remain open.