Press Release

CISA Releases New Resource to Help Small and Medium-Sized Businesses Develop Supply Chain Resilience Plans


 WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) released a new resource guide today, Empowering Small and Medium-Sized Businesses (SMB): A Resource Guide for Developing a Resilient Supply Chain Risk Management Plan, which provides Information and Communications Technology (ICT) SMBs with a starting point develop and tailor a supply chain risk management (SCRM) plan that meets the needs of their business.

When it comes to the costs and complexity of supply chain risk management, SMBs often lack dedicated risk management and SCRM expertise to mitigate risk of disruption to their supply chain. This guide was developed by the ICT SCRM Task Force, of which CISA is a tri-chair, which has a subgroup that specifically focuses on the needs of SMBs.

"In acknowledging the resource challenges faced by small and medium-sized businesses amidst today's complex supply chain risks, we're committed to offering vital support,” said Mona Harrington, CISA Assistant Director for the National Risk Management Center. “Our unique qualifications, along with valuable partner collaboration in crafting this guide, underscore our dedication to these businesses' role in enhancing ICT supply chain resilience." 

Enhancing ICT supply chain security and resilience stands as one of CISA's foremost priorities. By working together with government and industry partners, the agency aims to fortify the ICT supply chain's security posture. Given the profound interconnectivity between sectors and the scale of supply chain risks faced by both government and industry, the Task Force exemplifies CISA's collective defense approach to bolster ICT supply chain resilience.

To view this Resource Guide, visit:

To register for a webinar to learn more, visit: Empowering SMBs: Developing a Resilient Supply Chain Risk Management Plan | CISA

For more information about CISA’s efforts, visit