"A supply chain consists of the system of organizations, people, activities, information, and resources that provide products or services to consumers. Like other types of goods, a global supply chain exists for the development, manufacture, and distribution of information technology (IT) products (i.e., hardware and software). Recent media have highlighted the risks posed to IT from the supply chain. In 2017, the U.S. Department of Homeland Security (DHS) ordered federal agencies to remove Kaspersky security products from their networks because of risk they posed. Legislation was subsequently enacted codifying that order. In addition, stories of persistent administrative passwords on devices or otherwise vulnerable products allowing unauthorized access to sensitive networks became more frequent."
CRS In Focus, IF10920