Skip to main content
U.S. flag

An official website of the United States government

Here’s how you know

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

HTTPS

Secure .gov websites use HTTPS
A lock (LockA locked padlock) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cybersecurity & Infrastructure Security Agency
America's Cyber Defense Agency

Search

 
 
  • Topics
    Cybersecurity Best Practices
    Cyber Threats and Advisories
    Critical Infrastructure Security and Resilience
    Election Security
    Emergency Communications
    Industrial Control Systems
    Information and Communications Technology Supply Chain Security
    Partnerships and Collaboration
    Physical Security
    Risk Management
    How can we help?
    GovernmentEducational InstitutionsIndustryState, Local, Tribal, and TerritorialIndividuals and FamiliesSmall and Medium Businesses
  • Spotlight
  • Resources & Tools
    All Resources & Tools
    Services
    Programs
    Resources
    Training
    Groups
  • News & Events
    News
    Events
    Cybersecurity Alerts & Advisories
    Directives
    Request a CISA Speaker
    Congressional Testimony
  • Careers
    Benefits & Perks
    HireVue Applicant Reasonable Accommodations Process
    Hiring
    Resume & Application Tips
    Students & Recent Graduates
    Veteran and Military Spouses
    Work @ CISA
  • About
    Culture
    Divisions & Offices
    Regions
    Leadership
    Doing Business with CISA
    Contact Us
    Site Links
    Reporting Employee and Contractor Misconduct
    CISA GitHub
Report a Cyber Issue
Breadcrumb
  1. Home
Share:

ICT Supply Chain Risk Management Task Force Resources

These resources and tools were developed by the ICT Supply Chain Risk Management (SCRM) Task Force­—a public-private partnership that represents the Agency’s collective approach to enhancing supply chain resilience. Representatives include subject matter experts, infrastructure owners/operators, and other key stakeholders from the Information Technology (IT) sector, Communications sector, and federal agencies.

While the Task Force’s products are available to all stakeholders, they are especially useful for:

  • Acquisitions and procurements professionals
  • Personnel whose role is in legal, logistics, marketing, and product development
  • Information Technology (IT) or cyber security personnel
  • Risk management officials and personnel
  • Personnel who manage vendor and supplier lists
  • Software customers and vendors

Task Force Resources

ICT Supply Chain Risk Management Task Force Interim Report

SEP 18, 2019 | PUBLICATION
This report provides an overview of the Task Force and its first year’s efforts in addressing SCRM challenges such as information sharing; evaluating supply chain threats; identifying criteria for establishing Qualified Bidder Lists (QBL); and more.
Download File (PDF, 1.49 MB)

ICT Supply Chain Risk Management Task Force Year Two Report

DEC 16, 2020 | PUBLICATION
Provides an update on the ICT Supply Chain Risk Management Task Force’s progress in Year Two to advance meaningful partnerships and analysis around supply chain security and resilience.
Download File (PDF, 1.72 MB)

Building A More Resilient ICT Supply Chain: Lessons Learned During the COVID-19 Pandemic

NOV 05, 2020 | PUBLICATION
This analysis report examines how the COVID-19 pandemic impacted the logistical supply chains of ICT companies and provides recommendations on how organizations can increase their supply chain resilience from future risks.
Download File (PDF, 1.64 MB)

Operationalizing Vendor Supply Chain Risk Management Template for Small and Medium-Sized Businesses and Excel

SEP 21, 2021 | PUBLICATION
This resource gears the applicability of the enterprise Vendor Template to be used specifically by small and medium-sized businesses.
View Files

Preliminary Considerations of Paths to Enable Improved Multi-Directional Sharing of Supply Chain Risk Information

SEP 21, 2021 | PUBLICATION
This product provides research by SMEs in addressing liability limitations to improve sharing of supply chain risk information among the federal government and private industry.
Download File (PDF, 334.6 KB)

ICT Supply Chain Risk Management Task Force Threat Scenarios Report Versions 1, 2, and 3

FEB 24, 2020 | PUBLICATION
Provides practical, example-based guidance on supply chain risk management (SCRM) threat analysis and evaluation.
View Files

Mitigating ICT Supply Chain Risks with Qualified Bidder and Manufacturer Lists

APR 12, 2021 | PUBLICATION
This report provides organizations a list of evaluation criteria and factors that can be used to inform their decision to build or rely on a qualified list for the acquisition of ICT products and services while managing supply chain risks.
Download File (PDF, 1.31 MB)

ICT SCRM Task Force Vendor Template

APR 12, 2021 | PUBLICATION
Provides a set of questions regarding an ICT supplier/provider’s implementation and application of industry standards and best practices that can help guide supply chain risk planning in a standardized way.
Download File (PDF, 1.51 MB)

Securing Small and Medium-Sized Business (SMB) Supply Chains: A Resource Handbook to Reduce Information and Communication Technology Risks

JAN 26, 2023 | PUBLICATION
This handbook provides an overview of the highest supply chain risk categories commonly faced by ICT small and medium-sized businesses (SMBs), including cyber risks, and resources that can assist SMBs.
Download File (PDF, 580.12 KB)

Task Force Videos

Video on Building a More Resilient ICT Supply Chain: Lessons Learned During The COVID-19 Pandemic

VIDEO
This video details the impacts to ICT supply chains from the COVID-19 pandemic such as vendor transparency, single region/single source suppliers, and inventory management.
Building a More Resilient ICT Supply Chain: Lessons Learned During The COVID-19 Pandemic

Video on Evaluating Vendor and Supplier Trustworthiness

VIDEO
Explains the potential of two resources' usefulness to industry.   
Evaluating Vendor and Supplier Trustworthiness

Video on Impact Analysis and Mitigation of ICT Supply Chain Threats

VIDEO
This video highlights Version 3.0 of the Threat Scenarios Report, which uses the NIST Risk Management Framework to identify and analyze potential threat scenarios that can occur in a global ICT supply chain and how best to mitigate against these threats.
Impact Analysis and Mitigation of ICT Supply Chain Threats

Video on Mitigating ICT Supply Chain Risk for Small and Medium-sized Businesses

A complement to the Mitigating ICT Supply Chain Risk for Small and Medium-sized Businesses guide, this video provides additional information to help minimize and mitigate supply chain risks.
Mitigating ICT Supply Chain Risk for Small and Medium-sized Businesses

Video on Preliminary Considerations for Paths to Enable Improved Multi-Directional Sharing of Supply Chain Risk Information

VIDEO
Focuses on issues related to the sharing of supply chain risk information (SCRI) among the federal government and industry.
Preliminary Considerations for Paths to Enable Improved Multi-Directional Sharing of Supply Chain Risk Information

Contact Us

For questions or comments, email ict_scrm_taskforce@cisa.dhs.gov.

Return to top
  • Topics
  • Spotlight
  • Resources & Tools
  • News & Events
  • Careers
  • About
Cybersecurity & Infrastructure Security Agency
  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Instagram
  • RSS
CISA Central 888-282-0870 Central@cisa.dhs.gov
DHS Seal
CISA.gov
An official website of the U.S. Department of Homeland Security
  • About CISA
  • Accessibility
  • Budget and Performance
  • DHS.gov
  • FOIA Requests
  • No FEAR Act
  • Office of Inspector General
  • Privacy Policy
  • The White House
  • USA.gov
  • Website Feedback