ICT Supply Chain Risk Management Task Force Resources
These resources and tools were developed by the ICT Supply Chain Risk Management (SCRM) Task Force—a public-private partnership that represents the Agency’s collective approach to enhancing supply chain resilience. Representatives include subject matter experts, infrastructure owners/operators, and other key stakeholders from the Information Technology (IT) sector, Communications sector, and federal agencies.
While the Task Force’s products are available to all stakeholders, they are especially useful for:
- Acquisitions and procurements professionals
- Personnel whose role is in legal, logistics, marketing, and product development
- Information Technology (IT) or cyber security personnel
- Risk management officials and personnel
- Personnel who manage vendor and supplier lists
- Software customers and vendors
Task Force Resources
ICT Supply Chain Risk Management Task Force Interim Report
DEC 17, 2020
| PUBLICATION
This report provides an overview of the Task Force and its first year’s efforts in addressing SCRM challenges such as information sharing; evaluating supply chain threats; identifying criteria for establishing Qualified Bidder Lists (QBL); and more.
ICT Supply Chain Risk Management Task Force Year Two Report
DEC 17, 2020
| PUBLICATION
Provides an update on the ICT Supply Chain Risk Management Task Force’s progress in Year Two to advance meaningful partnerships and analysis around supply chain security and resilience.
Building A More Resilient ICT Supply Chain: Lessons Learned During the COVID-19 Pandemic
DEC 17, 2020
| PUBLICATION
This analysis report examines how the COVID-19 pandemic impacted the logistical supply chains of ICT companies and provides recommendations on how organizations can increase their supply chain resilience from future risks.
Operationalizing Vendor Supply Chain Risk Management Template for Small and Medium-Sized Businesses and Excel
OCT 26, 2021
| PUBLICATION
Provides a set of questions regarding an ICT supplier/provider’s implementation and application of industry standards and best practices that can help small and medium-sized businesses guide supply chain risk planning in a standardized way.
Preliminary Considerations of Paths to Enable Improved Multi-Directional Sharing of Supply Chain Risk Information
SEP 21, 2021
| PUBLICATION
This product provides research by SMEs in addressing liability limitations to improve sharing of supply chain risk information among the federal government and private industry.
ICT Supply Chain Risk Management Task Force Threat Scenarios Report Versions 1, 2, and 3
AUG 02, 2021
| PUBLICATION
Provides practical, example-based guidance on supply chain risk management (SCRM) threat analysis and evaluation.
Mitigating ICT Supply Chain Risks with Qualified Bidder and Manufacturer Lists
APR 12, 2021
| PUBLICATION
This report provides organizations a list of evaluation criteria and factors that can be used to inform their decision to build or rely on a qualified list for the acquisition of ICT products and services while managing supply chain risks.
ICT SCRM Task Force Vendor Template
APR 12, 2021
| PUBLICATION
Provides a set of questions regarding an ICT supplier/provider’s implementation and application of industry standards and best practices that can help guide supply chain risk planning in a standardized way.
Securing Small and Medium-Sized Business (SMB) Supply Chains: A Resource Handbook to Reduce Information and Communication Technology Risks
JAN 26, 2023
| PUBLICATION
This handbook provides an overview of the highest supply chain risk categories commonly faced by ICT small and medium-sized businesses (SMBs), including cyber risks, and resources that can assist SMBs.
Hardware Bill of Materials (HBOM) Framework for Supply Chain Risk Management Fact Sheet
SEP 14, 2023
|
Learn more about the Hardware Bill of Materials (HBOM) Framework for Supply Chain Risk Management.
Hardware Bill of Materials (HBOM) Framework for Supply Chain Risk Management
SEP 25, 2023
| PUBLICATION
Provides a framework that includes a consistent naming methodology for attributes of components, a format for identifying and providing information about the different types of components, and guidance of what HBOM information is appropriate.
Empowering Small and Medium-Sized Businesses
OCT 11, 2023
| PUBLICATION
A Resource Guide that provides a valuable starting point for SMBs to develop and tailor an ICT SCRM plan that meets the needs of their business.
Empowering Small and Medium-Sized Businesses Resource Guide Fact Sheet
OCT 11, 2023
| PUBLICATION
A fact sheet that provides an overview of the ICT SCRM Task Force’s resource Empowering SMBs: A Resource Guide for Developing a Resilient Supply Chain Risk Management Plan.
Task Force Videos
Video on Building a More Resilient ICT Supply Chain: Lessons Learned During The COVID-19 Pandemic
VIDEO
This video details the impacts to ICT supply chains from the COVID-19 pandemic such as vendor transparency, single region/single source suppliers, and inventory management.
Video on Evaluating Vendor and Supplier Trustworthiness
VIDEO
Explains the potential of two resources' usefulness to industry.
Video on Impact Analysis and Mitigation of ICT Supply Chain Threats
VIDEO
This video highlights Version 3.0 of the Threat Scenarios Report, which uses the NIST Risk Management Framework to identify and analyze potential threat scenarios that can occur in a global ICT supply chain and how best to mitigate against these threats.
Video on Mitigating ICT Supply Chain Risk for Small and Medium-sized Businesses
A complement to the Mitigating ICT Supply Chain Risk for Small and Medium-sized Businesses guide, this video provides additional information to help minimize and mitigate supply chain risks.
Video on Preliminary Considerations for Paths to Enable Improved Multi-Directional Sharing of Supply Chain Risk Information
VIDEO
Focuses on issues related to the sharing of supply chain risk information (SCRI) among the federal government and industry.
Contact Us
For questions or comments, email ict_scrm_taskforce@cisa.dhs.gov.