This CISA Insights provides a framework that government and private sector organizations (to include small and medium-sized businesses) outsourcing some level of IT support to MSPs can use to better mitigate against third-party risk.
This infographic identifies the risks associated with physical, cyber, utilities and services, and network resilience of telecommunications central office services as well as potential mitigations to improve telecommunication resiliency. It is meant to facilitate constructive and meaningful dialogue between service providers and their customers in critical infrastructure and Federal, State, Local, Tribal, and Territorial (FSLTT) governments on how to lower the risk to their facilities from physical and cyber threats.
CISA, in coordination with the National Security Agency, and the Office of the Director of National Intelligence, as part of the Enduring Security Framework (ESF)—a cross-sector, public-private working group—released a Potential Threat Vectors to 5G Infrastructure paper. This paper identifies and assesses risks and vulnerabilities introduced by 5G.
This Toolkit—which includes strategic messaging, social media, videos, and resources—is designed to emphasize the role that we all have in securing information and communications technology (ICT) supply chains.
Bug Bytes, the second graphic novel in CISA’s Resilience Series, communicates the dangers and risks associated with threat actors using social media and other communication platforms to spread mis-, dis-, and malinformation (MDM) for the sole purpose of planting doubt in the minds of targeted audiences to steer their opinion.
This report, Mitigating ICT Supply Chain Risks with Qualified Bidder and Manufacturer Lists, provides organizations a list of criteria and factors that can be used to inform an organization's decision to build or rely on a qualified list for the acquisition of information and communications technology (ICT) products and services.
The Vendor SCRM Template provides a set of questions regarding an ICT supplier/provider’s implementation and application of industry standards and best practices that can help guide supply chain risk planning in a standardized way. The template provides organizations clarity for reporting and vetting processes when purchasing ICT hardware, software, and services.
April is National Supply Chain Integrity Month.