ICT Supply Chain Risk Management Task Force

Overview

In December 2018, the Department of Homeland Security established the ICT SCRM Task Force—a public-private partnership charged with identifying challenges and developing actionable solutions to enhance global ICT supply chain resilience. Composed of federal government and industry representatives from across the Information Technology and Communications Sectors, the Task Force serves as the Agency’s center of gravity for supply chain risk management partnership activity.

While ICT products and services have allowed for a rapid and dramatic change in how we work, learn, and socialize, it also presents broad attack surfaces for adversaries to find innovative ways to potentially infiltrate, exploit, and/or corrupt equipment, systems, and information used every day by the government, industry, and private citizens. Recognizing the importance of securing ICT supply chains, on May 15, 2019, the Executive Order (E.O.) 13873 on Securing the Information and Communications Technology and Services Supply Chain was signed into law. E.O. 13873 directs the federal government to strengthen efforts to prevent foreign adversaries from exploiting vulnerabilities in the ICT supply chain and protect the vast amount of sensitive information being stored in and communicated through ICT products and services.

CISA is well positioned to synchronize interagency supply chain efforts across the Department to build resilience by enhancing coordination and collaboration with the private sector through the ICT SCRM Task Force. Learn more about CISA's E.O. 13873 response efforts.

ICT SCRM Task Force Year 3 Activities

The Task Force's current efforts include:

	Hardware Bills of Materials (HBOM) Working Group, which will identify use cases for HBOMs and develop a taxonomy for HBOM data fields that could help inform the development of related guidance.
	Small and Medium-sized Businesses Working Group, which will continue to develop guidance for the small and medium-sized community to assist with their establishment and conduct of supply chain risk management programs and policies.
	Software Assurance Working Group, which will develop a Buyer's Guide that will help ensure that buyers, suppliers, and acquisition specialists refer to one piece of guidance that includes all important documentation regarding the implementation, security, and reliability of software assurance as well as the risks that can arise.
	Product Marketing Working Group, which will undertake a marketing campaign to increase stakeholders’ awareness of the Task Force and its products, as well as engage with stakeholders to gather feedback on the Task Force’s products.