OSD is in a bit of a unique place with VTM right now - usually they develop
policy and implementation flows down, however, currently there are 3 CCMDs that have
been doing this for awhile and the rest are just starting to play catch-up
and establish VTM programs and guidance for their areas of responsibility.
Until the Directive for VTM was signed out this summer, a lot of effort had
to be put into working that policy. OSD still has to develop an instruction
and doctrine to further guide implementation. However, OSD recognizes the
need for more tactical level guidance because they have such different levels
of maturity and your question is really timely. What is needed is a handbook or
repository that helps folks in the field think through all the avenues of a
vendor's profile to reduce the overall risk of doing business with a foreign
entity (intel threats, geopolitical issues, ties to other entities, supply
chain risk, etc.). Ms Donna Livingston from OSD OUSD A-S is tentatively scheduled to be our guest on the CCO Experience Office hour 25 Jan 2023 to discuss this topic in more detail Please stay tuned.