Webinar

A new chapter for the Defense Industrial Base

Supply chain risk oversight in the Trump era

Jun 27, 2025 · Authored by Leo Alvarez, Theresa Campobasso

As the global landscape continues to shift, the Defense Industrial Base (DIB) finds itself at a pivotal crossroads. The convergence of geopolitical tensions, regulatory expansion and technological disruption has ushered in a new era of supply chain risk oversight — one that demands agility, transparency and strategic foresight. At Baker Tilly, we are committed to helping government contractors navigate this evolving terrain with confidence and clarity. 

The regulatory tidal wave: A decade of escalating oversight 

Over the past decade, the federal government has steadily intensified its focus on supply chain risk management (SCRM). From the establishment of the Federal Acquisition Security Council (FASC) under the Secure Technology Act to the sweeping mandates of executive orders (EO) and National Institute of Standards and Technology (NIST) frameworks, the message is clear: supply chain security is national security. 

Recent executive actions — such as EO 14272, EO 14285 and EO 14293 — underscore the urgency of securing critical mineral and pharmaceutical supply chains. Meanwhile, export restrictions targeting advanced technologies and reciprocal tariffs aimed at trade imbalances with China reflect a broader strategic realignment of U.S. supply chains. 

The implications for contractors are profound. Compliance is no longer a box-checking exercise—it is a strategic imperative. 

Lessons from the frontlines: Supply chain compromises and their fallout 

The SolarWinds breach, Colonial Pipeline ransomware attack and the recent discovery of “kill switches” in foreign-manufactured energy components serve as stark reminders of the vulnerabilities embedded within our supply chains. These incidents have not only disrupted operations but have also catalyzed regulatory responses that demand proactive risk mitigation. 

Contractors must now contend with a growing third-party ecosystem where confidence in due diligence data is alarmingly low. According to Gartner, nearly half of organizations are only 1–50% confident in the accuracy of third-party information. This uncertainty underscores the need for robust, technology-enabled SCRM programs. 

The acquisition landscape: Risk as a differentiator 

The Department of Defense (DOD) and civilian agencies are embedding SCRM requirements into major acquisition vehicles. From the General Services Administration’s (GSA) Alliant 3 to the National Aeronautics and Space Administration’s (NASA) Solution for Enterprise-Wide Procurement (SEWP) VI, contractors are now expected to submit comprehensive SCRM plans and perform risk assessments as part of their procurement processes. 

The Cybersecurity Maturity Model Certification (CMMC) and related Defense Federal Acquisition Regulation Supplement (DFARS) clauses further elevate the stakes. 

In this environment, a mature SCRM program is not just a compliance necessity—it is a competitive advantage. 

Building a resilient SCRM program: From policy to practice 

Effective SCRM begins with a structured, risk-informed approach. The NIST SP 800-161 framework provides a comprehensive roadmap, outlining foundational, sustaining and enhancing practices across the information and communications technology (ICT) supply chain. Key elements include: 

• Supplier prioritization: Classify suppliers based on criticality to prioritize due diligence 
• Risk assessment: Evaluate suppliers against control areas such as cybersecurity, provenance and operational resilience 
• Ongoing monitoring: Implement continuous oversight mechanisms to detect and respond to emerging threats 
• Incident response integration: Align SCRM with broader business continuity and incident response plans 

Contractors should also leverage the SCRM control family in NIST SP 800-53 Rev. 5, which includes controls for tamper detection, component authenticity and supply chain integrity. 

Technology as a force multiplier: The case for automation 

Manual SCRM processes are no longer sufficient. They are time-consuming, inconsistent and ill-equipped to scale with the complexity of modern supply chains. Technology offers a path forward. 

Exiger’s 1Exiger platform exemplifies the power of artificial intelligence (AI)-driven supply chain illumination. By aggregating structured and unstructured data across 87+ languages and 1.5 trillion data points, 1Exiger enables real-time risk detection, sub-tier mapping and product risk scoring. This level of visibility empowers contractors to: 

• Identify hidden risks such as foreign ownership, regulatory violations and cybersecurity vulnerabilities 
• Monitor supplier networks for disruptions, such as the SPS Technologies fire that impacted over 400 weapons systems 
• Detect hardware and software components linked to prohibited entities under the National Defense Authorization Act (NDAA) Section 889 

By integrating these insights into a unified digital thread, contractors can move from reactive crisis management to proactive risk mitigation. 

Moving beyond compliance: SCRM as a strategic asset 

The future of SCRM lies in its integration across the enterprise. This means breaking down silos, aligning policy with practice and embedding risk management into every stage of the supplier lifecycle. It also means embracing continuous improvement—refreshing controls, updating plans and staying ahead of regulatory developments. 

Contractors should consider the following actions: 

• Evaluate your maturity: Benchmark your practices against NIST SP 800-161 and SP 800-53 
• Engage your ecosystem: Ensure subcontractors and commercial item suppliers meet SCRM requirements 
• Invest in technology: Adopt tools—like 1Exiger—that provide real-time visibility and automate risk assessments 
• Stay informed: Monitor evolving regulations and participate in industry workshops 

Conclusion: A new chapter, a new mandate 

As we turn the page to a new chapter for the DIB, the mandate is clear: supply chain resilience is no longer optional. It is a cornerstone of national security, a prerequisite for federal contracting and a hallmark of operational excellence. 

At Baker Tilly, we stand ready to support our clients in building, optimizing and sustaining SCRM programs that not only meet today’s requirements but anticipate tomorrow’s challenges. Together, we can illuminate the path forward—one that is secure, strategic and resilient. 

Want to learn more about recent regulatory activity, better understand the impact of these changes on federal acquisition, or explore Exiger’s supply chain illumination technology? Contact our government contractor solutions leaders to discuss real-world SCRM solutions for your organization.