GAO: Agencies expose themselves to IT supply-chain threats

The four departments with national security responsibilities haven’t identified the threats or developed mitigation policies and procedures, a report states.