CISA, in coordination with the National Security Agency, and the Office of the Director of National Intelligence, as part of the Enduring Security Framework (ESF)—a cross-sector, public-private working group—released a Potential Threat Vectors to 5G Infrastructure paper. This paper identifies and assesses risks and vulnerabilities introduced by 5G.
This Toolkit—which includes strategic messaging, social media, videos, and resources—is designed to emphasize the role that we all have in securing information and communications technology (ICT) supply chains.
Bug Bytes, the second graphic novel in CISA’s Resilience Series, communicates the dangers and risks associated with threat actors using social media and other communication platforms to spread mis-, dis-, and malinformation (MDM) for the sole purpose of planting doubt in the minds of targeted audiences to steer their opinion.
The Defending Against Software Supply Chain Attacks, released by CISA and the National Institute of Standards and Technology (NIST), provides an overview of software supply chain risks and recommendations on how software customers and vendors can use the NIST Cyber Supply Chain Risk Management (C-SCRM) Framework and the Secure Software Development Framework (SSDF) to identify, assess, and mitigate software supply chain risks.
This report, Mitigating ICT Supply Chain Risks with Qualified Bidder and Manufacturer Lists, provides organizations a list of criteria and factors that can be used to inform an organization's decision to build or rely on a qualified list for the acquisition of information and communications technology (ICT) products and services.
The Vendor SCRM Template provides a set of questions regarding an ICT supplier/provider’s implementation and application of industry standards and best practices that can help guide supply chain risk planning in a standardized way. The template provides organizations clarity for reporting and vetting processes when purchasing ICT hardware, software, and services.
April is National Supply Chain Integrity Month.