supply chain security

ICT Supply Chain Library

Compiled by CISA and the ICT SCRM Task Force, this library is a non-exhaustive list of free, voluntary resources and information on supply chain programs, rulemakings, and other activities from across the federal government. The resources below are intended to provide a better understanding of the wide array of supply chain risk management efforts and activities underway or in place.

Software Supply Chain Attacks

Defending Against Software Supply Chain Attacks, released by CISA and the National Institute of Standards and Technology (NIST), provides an overview of software supply chain risks and recommendations on how software customers and vendors can use the NIST Cyber Supply Chain Risk Management (C-SCRM) Framework and the Secure Software Development Framework (SSDF) to identify, assess, and mitigate software supply chain risks.

ICT SCRM Task Force Vendor Template

The Vendor SCRM Template provides a set of questions regarding an ICT supplier/provider’s implementation and application of industry standards and best practices that can help guide supply chain risk planning in a standardized way. The template provides organizations with clarity for reporting and vetting processes when purchasing ICT hardware, software, and services.

CISA and Partners Promote Call to Action During National Supply Chain Integrity Month

In recognition of National Supply Chain Integrity Month, the Cybersecurity and Infrastructure Security Agency (CISA) is partnering with the Office of the Director of National Intelligence (ODNI), the Department of Defense, and other government and industry partners to promote a call to action for a unified effort by organizations across the country to strengthen global supply chains.
Last Published Date: October 25, 2021

ICT SCRM Task Force Events

CISA's virtual event, Partnership in Action: Driving Supply Chain Security, will take place on December 17 from 2-4 pm ET. This event is a unique opportunity for the cybersecurity, critical infrastructure, and information security communities to learn about the Task Force’s progress, findings, and accomplishments in Year Two to further assess and manage risks associated with the global ICT supply chain.