NRMC

Systemic Cyber Risk Reduction

Working with government and industry partners, CISA’s National Risk Management Center is adding analytic rigor to the ability for organizations to quantify cyber risk impact for cybersecurity measures they have in place in order to develop actionable metrics, and use this information to reduce shared risk to the Nation’s security and economic security.

CISA Releases ICT Supply Chain Risk Management Task Force Year 2 Report

Today, the Cybersecurity and Infrastructure Security Agency (CISA) and government and industry members of the Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force released an annual report on its progress to advance meaningful partnerships and analysis around supply chain security and resilience.
Last Published Date: December 17, 2020

ICT SCRM Task Force Year Two Report

This report provides an update on the ICT Supply Chain Risk Management (SCRM) Task Force’s progress in Year Two to advance meaningful partnerships and analysis around supply chain security and resilience. The report summarizes the work of the Task Force’s five working groups to address challenges to information sharing, threat analysis, qualified bidder and qualified manufacturer lists, vendor assurance, and impacts of the COVID-19 pandemic on ICT supply chains.

Return to ICT Supply Chain Risk Management.

ICT SCRM Task Force Events

CISA's virtual event, Partnership in Action: Driving Supply Chain Security, will take place on December 17 from 2-4 pm ET. This event is a unique opportunity for the cybersecurity, critical infrastructure, and information security communities to learn about the Task Force’s progress, findings, and accomplishments in Year Two to further assess and manage risks associated with the global ICT supply chain.

5G Edge Vs Core

The Edge vs. Core - An Increasingly Less Pronounced Distinction in 5G Networks informs stakeholders about how edge computing increases the risks of untrusted components into 5G networks by moving core functions away from traditional network boundaries. The product is intended to provide an overview of edge computing and represents CISA’s analysis of the risks associated with installation of untrusted components into 5G infrastructures.