The ICT Supply Chain Risk Management (SCRM) Task Force Small and Medium-sized Businesses (SMB) Working Group (WG) was created to tailor Task Force products to make them more applicable to SMBs, which may find it difficult to institutionalize federal supply chain guidance due to limited finances, resources, and employees.
The ICT Supply Chain Risk Management (SCRM) Task Force Information Sharing Working Group (WG1) was created with the purpose of providing considerations about improving the sharing of supply chain risk information (SCRI) among the federal government and private industry to help mitigate threats to the nation’s ICT supply chain.
This Toolkit—which includes strategic messaging, social media, videos, and resources—is designed to emphasize the role that we all have in securing information and communications technology (ICT) supply chains.
Defending Against Software Supply Chain Attacks, released by CISA and the National Institute of Standards and Technology (NIST), provides an overview of software supply chain risks and recommendations on how software customers and vendors can use the NIST Cyber Supply Chain Risk Management (C-SCRM) Framework and the Secure Software Development Framework (SSDF) to identify, assess, and mitigate software supply chain risks.
The Vendor SCRM Template provides a set of questions regarding an ICT supplier/provider’s implementation and application of industry standards and best practices that can help guide supply chain risk planning in a standardized way. The template provides organizations clarity for reporting and vetting processes when purchasing ICT hardware, software, and services.
Week 1: Building Collective Supply Chain Resilience
Authored by: National Risk Management Center
April is National Supply Chain Integrity Month.