communications

ICT Supply Chain Library

Compiled by CISA and the ICT SCRM Task Force, this library is a non-exhaustive list of free, voluntary resources and information on supply chain programs, rulemakings, and other activities from across the federal government. The resources below are intended to provide a better understanding of the wide array of supply chain risk management efforts and activities underway or in place.

Risks Telecommunications Central Offices

This infographic identifies the risks associated with physical, cyber, utilities and services, and network resilience of telecommunications central office services as well as potential mitigations to improve telecommunication resiliency. It is meant to facilitate constructive and meaningful dialogue between service providers and their customers in critical infrastructure and Federal, State, Local, Tribal, and Territorial (FSLTT) governments on how to lower the risk to their facilities from physical and cyber threats.

5G Potential Threat Vectors

CISA, in coordination with the National Security Agency, and the Office of the Director of National Intelligence, as part of the Enduring Security Framework (ESF)—a cross-sector, public-private working group—released a Potential Threat Vectors to 5G Infrastructure paper. This paper identifies and assesses risks and vulnerabilities introduced by 5G.

ICT SCRM Task Force Vendor Template

The Vendor SCRM Template provides a set of questions regarding an ICT supplier/provider’s implementation and application of industry standards and best practices that can help guide supply chain risk planning in a standardized way. The template provides organizations clarity for reporting and vetting processes when purchasing ICT hardware, software, and services.