Week 2: Assessing ICT Trustworthiness
As National Supply Chain Integrity Month continues, this week’s theme is: Assessing ICT Trustworthiness. Every company and organization that uses information and communications technology (ICT) products and services is part of a complex, globally interconnected supply chain that, if exploited, can impact national security, economic security, and public health and safety.
In a digitally connected world, protecting your organization’s information requires understanding not only your organization’s immediate supply chain, but also the extended supply chains of your vendors and suppliers. To help organizations and businesses with this effort, CISA’s ICT Supply Chain Risk Management (SCRM) Task Force developed two new resources.
Mitigating ICT Supply Chain Risks with Qualified Bidder and Manufacturer Lists: This report provides organizations a list of criteria and factors that can be used to inform an organization's decision to build or rely on a qualified list for the acquisition of ICT products and services.
Vendor SCRM Template: This template provides a set of questions regarding an ICT supplier/provider’s implementation and application of industry standards and best practices. The results can be used to help guide supply chain risk planning in a standardized way and provide clarity for reporting and vetting processes when purchasing ICT hardware, software, and services.
Both of these tools are great resources for IT or cyber security personnel; acquisitions and procurement professionals; those who manage vendor and supplier lists; and others. Building a culture of supply chain resilience depends on a unity of effort.
To learn more about how CISA enhances supply chain resiliency and to view online resources, visit www.cisa.gov/supply-chain-integrity-month.