Do you really know who controls your suppliers, teammates, or subcontractors?  Just because the firm is headquartered in Tyson’s Corner doesn’t mean they’re local.  Federal agencies and contractors already know that they incur daily attempted intrusions into their IT networks.  Sometimes, though, the threat can come from another angle:  an otherwise legitimate looking business that is, in reality, a Trojan Horse.  Giving an un-verified company access to sensitive files or classified information can cause even more damage to national security than a random IT hack.  At a time when DOD, in particular, is paying increased attention to supply chain integrity, contractors must take proper steps to vet any new supplier, teammate or sub-contractor.  It’s not just your own vetting, either.  Contractors must also be prepared to ask questions about companies a customer agency has either hired, or are contemplating hiring, to work side-by-side with them.  While federal agencies can be held accountable for breaches or intelligence incursions, it is vital to remember that it is often a contractor left holding the bag.  The finger of blame is pointed disproportionately at contractors.   The start of a new fiscal year is a good time to review vetting and oversight procedures.  Make sure that your supply chains are secure and that partners are who you think they are.