ICT Supply Chain Resource Library

Creating Helpful Incentives to Produce Semiconductors (CHIPS) for America Fund supports the rapid implementation of the semiconductor provisions included in the Fiscal Year (“FY”) 2021 National Defense Authorization Act.

Cooperation on resilient supply chains with allies and partners who share our values will foster collective economic and national security and strengthen the capacity to respond to international disasters and emergencies.

An EO mandating improving the nation's cybersecurity.

Protect against the risks associated with connected software applications that are designed, developed, manufactured, or supplied by persons owned or controlled by, or subject to the jurisdiction or direction of, a foreign adversary.

Protect the security, integrity, and reliability of information and communications technology and services provided and used in the United States.

CISA and the ICT Supply Chain Risk Management Task Force developed two resources in response to Executive Order 13873.

Creates the Committee for the Assessment of Foreign Participation in the United States Telecommunications Services Sector.

Findings of the initial set of reviews of supply chains of 4 critical products: semiconductor manufacturing and advanced packaging; large capacity batteries; critical minerals and materials; and pharmaceuticals and active pharmaceutical ingredients.

This order empowers State, local, and individual preparedness and injects common sense into infrastructure prioritization and strategic investments through risk-informed decisions that make our infrastructure, communities, and economy resilient.

Reliability Standards that address the: sufficiency of responsible entities' supply chain risk management plans related to the identification of, assessment of, and response to supply chain risks.

Issued to enhance the United States' cybersecurity posture across federal systems, supply chains, and critical infrastructure. It builds upon the foundation set by Executive Order 14028 and introduces several new key measures. 

This initiative aims to enhance the resilience and competitiveness of United States supply chains, addressing vulnerabilities exposed by the COVID-19 pandemic and ongoing inflation resulting in the White House Council on Supply Chain Resilience.

Learn more about this Advance Notice of Proposed Rulemaking.

Process and procedures that the Secretary of Commerce will use to identify, assess, and address certain information and communications technology and services transactions that pose an undue risk to critical infrastructure of the nation.

DoD, GSA, and NASA issued multiple rules amending the Federal Acquisition Regulation (FAR) to implement section 889 of the National Defense Authorization Act (NDAA).

Share supply chain security risk information with trusted providers of advanced communications service and suppliers of communications equipment or services.

Updates to the Bureau of Industry and Security (BIS) Entity List prohibits the export, reexport, and retransfer of all U.S.-origin items subject to Export Administration Regulations to entities on that list.

Contains the foreign parties subject to specific license requirements for the export, reexport, or in-country transfer of controlled items, ensuring sensitive technologies do not fall into the hands of those who would threaten national security.

Imposes a control over certain foreign-produced items when there is knowledge that such items are destined to a designated entity on the [BIS] Entity List.

Greater transparency allows earlier identification (and mitigation) of potentially vulnerable systems, supports informed purchasing decisions, and incentivizes secure software development practices.

Findings of the initial set of reviews of supply chains of 4 critical products: semiconductor manufacturing and advanced packaging; large capacity batteries; critical minerals and materials and pharmaceuticals and active pharmaceutical ingredients.

Assists organizations verify that the internal components of the computing devices they acquire are genuine and have not been tampered with.

Demonstrable business practices that can help protect cyber supply chain risk management. 

Helps individual organizations within an enterprise improve their cybersecurity risk information.

Charges multiple agencies with enhancing cybersecurity through a variety of initiatives related to the security and integrity of the software supply chain.

Describes a set of fundamental, sound practices for secure software development called the Secure Software Development Framework (SSDF). 

This publication helps organizations identify those systems and components that are most vital and which may need additional security or other protections. 

A NIST effort to work with the private sector and others in government to improve cybersecurity in supply chains.

Guidance to organizations on identifying, assessing, and mitigating cybersecurity risks throughout the supply chain at all levels of their organizations. 

Catalog of security and privacy controls for information systems and organizations to protect organizational operations and assets, individuals, other organizations, and the Nation from a diverse set of threats and risks.

Demonstrate how organizations can verify that the components of their acquired computing devices are genuine and have not been tampered with or otherwise modified throughout the devices' life cycles.

The NIST AI Risk Management Framework (AI RMF) is intended to improve the ability to incorporate trustworthiness considerations into the design, development, use, and evaluation of AI products, services, and systems.

Recommendations to the FCC regarding ways the FCC can help to ensure security, reliability, and interoperability of communications systems.

​​​​​This report is focused on software supply chain security in this new ecosystem with service providers, cloud service providers, and software vendors to identify recommended best practices to improve communications software supply chain security.

​​​​​The schools and libraries universal service support program, commonly known as the E-rate program, helps schools and libraries to obtain affordable broadband. 

Protects against national security threats to the communications supply.

Streamlines the process for coordination between the FCC and Executive Branch agencies for assessments regarding certain applications filed with the Commission.

FCC Program designation aimed at protecting the communications supply chain. 

FCC Program designation aimed at protecting the communications supply chain. 

The Federal Communications Commission was created for many reasons, including for the purpose of national defense and promoting safety of life and property through the use of wire and radio communication.

 Assists in the direction and coordination of Government-wide procurement policy and Government-wide procurement regulatory activities in the Federal Government

Public Law No. 116-124 on March 12, 2020

Became Public Law No. 116-129 on March 23, 2020

Strategic approach to defending the United States in cyberspace against cyber-attacks of significant consequences.

CFIUS is an interagency committee authorized to review certain transactions involving foreign investment in the United States and certain real estate transactions by foreign persons.

Critical connection between established security and protection practices
and business practices.