Supply Chain

ICT Supply Chain Risk Management Task Force Announces new members and Working Group

Read more about ICT Supply Chain Risk Management Task Force Announces new members and Working Group

Government and industry members of the Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force gathered today to announce new members and map out the Task Force’s 2022 workplan.

Last Published Date: January 11, 2022

Sharing Information to Get Ahead of Supply Chain Risks

Read more about Sharing Information to Get Ahead of Supply Chain Risks

Author: by the National Risk Management Center

ICT SCRM Task Force Operationalizing Vendor SCRM Template for SMBs

Read more about ICT SCRM Task Force Operationalizing Vendor SCRM Template for SMBs

The ICT Supply Chain Risk Management (SCRM) Task Force Small and Medium-sized Businesses (SMB) Working Group (WG) was created with the purpose of tailoring Task Force products to make them more applicable to SMBs which may find it difficult to institutionalize federal supply chain guidance due to limited finances, resources, and employees.

ICT SCRM Task Force Improve Multi-Directional SCRI

Read more about ICT SCRM Task Force Improve Multi-Directional SCRI

The ICT Supply Chain Risk Management (SCRM) Task Force Information Sharing Working Group (WG1) was created with the purpose of providing considerations about improving the sharing of supply chain risk information (SCRI) among the federal government and private industry to help mitigate threats to the nation’s ICT supply chain.

CISA Announces Renewal of the Information and Communications Technology (ICT) Supply Chain Risk Management Task Force

Read more about CISA Announces Renewal of the Information and Communications Technology (ICT) Supply Chain Risk Management Task Force

Today, the Cybersecurity and Infrastructure Security Agency (CISA) announced the extension of the Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force to July 31, 2023.

Last Published Date: August 2, 2021

ICT Supply Chain Library

Read more about ICT Supply Chain Library

Compiled by CISA and the ICT SCRM Task Force, this library is a non-exhaustive list of free, voluntary resources and information on supply chain programs, rulemakings, and other activities from across the federal government. The resources below are intended to provide a better understanding of the wide array of supply chain risk management efforts and activities underway or in place.

ICT Supply Chain Toolkit

Read more about ICT Supply Chain Toolkit

This Toolkit—which includes strategic messaging, social media, videos, and resources—is designed to emphasize the role that we all have in securing information and communications technology (ICT) supply chains.

April is National Supply Chain Integrity Month - Week 4

Read more about April is National Supply Chain Integrity Month - Week 4

As the use of ICT continues to accelerate and expand, so will the attack surface for adversaries seeking to steal, compromise or alter, and destroy sensitive information. In the final week of National Supply Chain Integrity Month, CISA is reminding everyone that strengthening ICT supply chains requires an ongoing, unified effort between government and industry.

Software Supply Chain Attacks

Read more about Software Supply Chain Attacks

The Defending Against Software Supply Chain Attacks, released by CISA and the National Institute of Standards and Technology (NIST), provides an overview of software supply chain risks and recommendations on how software customers and vendors can use the NIST Cyber Supply Chain Risk Management (C-SCRM) Framework and the Secure Software Development Framework (SSDF) to identify, assess, and mitigate software supply chain risks.

April is National Supply Chain Integrity Month - Week 3

Read more about April is National Supply Chain Integrity Month - Week 3

During the third week of National Supply Chain Integrity Month, CISA is emphasizing the importance of understanding supply chain threats. As technology evolves, so does the threat environment. Of particular importance is securing information and communications technology (ICT) supply chains. With ICT serving as the bedrock for the nation’s critical infrastructure, their supply chains are valuable targets for adversaries seeking to steal, compromise, alter, or destroy sensitive information being stored in and communicated through ICT