Skip to main content
U.S. flag

An official website of the United States government

Here’s how you know

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

HTTPS

Secure .gov websites use HTTPS
A lock (LockA locked padlock) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Free Cyber ServicesSecure by design Secure Our WorldShields UpReport A Cyber Issue

Cybersecurity & Infrastructure Security Agency logo America’s Cyber Security Defense Agency National Coordinator For Critical Infrastructure Security and ResilienceCybersecurity & Infrastructure Security Agency logo America’s Cyber Security Defense Agency National Coordinator For Critical Infrastructure Security and Resilience
CISA Logo

Search

 

America's Cyber Defense Agency
 
  • Topics
    Cybersecurity Best Practices
    Cyber Threats and Advisories
    Critical Infrastructure Security and Resilience
    Election Security
    Emergency Communications
    Industrial Control Systems
    Information and Communications Technology Supply Chain Security
    Partnerships and Collaboration
    Physical Security
    Risk Management
    How can we help?
    GovernmentEducational InstitutionsIndustryState, Local, Tribal, and TerritorialIndividuals and FamiliesSmall and Medium BusinessesFind Help LocallyFaith-Based CommunityExecutivesHigh-Risk Communities
  • Spotlight
  • Resources & Tools
    All Resources & Tools
    Services
    Programs
    Resources
    Training
    Groups
  • News & Events
    News
    Events
    Cybersecurity Alerts & Advisories
    Directives
    Request a CISA Speaker
    Congressional Testimony
    CISA Conferences
    CISA Live!
  • Careers
    Benefits & Perks
    HireVue Applicant Reasonable Accommodations Process
    Hiring
    Resume & Application Tips
    Students & Recent Graduates
    Veteran and Military Spouses
  • About
    Divisions & Offices
    Regions
    Leadership
    Doing Business with CISA
    Site Links
    CISA GitHub
    CISA Central
    Contact Us
    Subscribe
    Transparency and Accountability
    Policies & Plans

Free Cyber ServicesSecure by design Secure Our WorldShields UpReport A Cyber Issue

Breadcrumb
  1. Home
  2. Resources & Tools
  3. Groups
  4. ICT Supply Chain Risk Management Task Force
Share:

Resources & Tools

  • All Resources & Tools
  • Services
  • Programs
  • Resources
  • Training
  • Groups
Working Group

ICT Supply Chain Risk Management Task Force

Related topics:
Information and Communications Technology Supply Chain Security

Overview

In December 2018, the Department of Homeland Security established the ICT SCRM Task Force—a public-private partnership charged with identifying challenges and developing actionable solutions to enhance global ICT supply chain resilience. Composed of federal government and industry representatives from across the Information Technology and Communications Sectors, the Task Force serves as the Agency’s center of gravity for supply chain risk management partnership activity.

While ICT products and services have allowed for a rapid and dramatic change in how we work, learn, and socialize, it also presents broad attack surfaces for adversaries to find innovative ways to potentially infiltrate, exploit, and/or corrupt equipment, systems, and information used every day by the government, industry, and private citizens. Recognizing the importance of securing ICT supply chains, on May 15, 2019, the Executive Order (E.O.) 13873 on Securing the Information and Communications Technology and Services Supply Chain was signed into law. E.O. 13873 directs the federal government to strengthen efforts to prevent foreign adversaries from exploiting vulnerabilities in the ICT supply chain and protect the vast amount of sensitive information being stored in and communicated through ICT products and services.

CISA is well positioned to synchronize interagency supply chain efforts across the Department to build resilience by enhancing coordination and collaboration with the private sector through the ICT SCRM Task Force. Learn more about CISA's E.O. 13873 response efforts.

Product Survey Feedback

Checklist on a clipboard with pen icon
Product Survey Feedback.  We welcome your feedback! Please share your thoughts about one or more of the ICT SCRM Task Force products through this voluntary, anonymous Product Feedback Survey.

 

ICT SCRM Task Force Year 3 Activities

The Task Force embodies CISA’s collective defense approach to enhance the ICT supply chain resilience. Members will continue to explore means for building partnerships with international partners, additional critical infrastructure sectors, and stakeholders who can help grow the applicability and utilization of Task Force products as well as support the Federal Acquisition Security Council (FASC).

The Task Force's current efforts include:

Hardware Bills of Materials (HBOM) Working Group, which will identify use cases for HBOMs and develop a taxonomy for HBOM data fields that could help inform the development of related guidance.
Small and Medium-sized Businesses Working Group, which will continue to develop guidance for the small and medium-sized community to assist with their establishment and conduct of supply chain risk management programs and policies.
Software Assurance Working Group, which will develop a Buyer's Guide that will help ensure that buyers, suppliers, and acquisition specialists refer to one piece of guidance that includes all important documentation regarding the implementation, security, and reliability of software assurance as well as the risks that can arise.
Product Marketing Working Group, which will undertake a marketing campaign to increase stakeholders’ awareness of the Task Force and its products, as well as engage with stakeholders to gather feedback on the Task Force’s products.

Featured Content

ICT SCRM Task Force Members

A diverse range of representatives from large and small private sector organizations within the IT and Communications sectors, ICT associations, and federal agencies.

ICT Supply Chain Resource Library

These resources and tools were developed by the ICT Supply Chain Risk Management (SCRM) Task Force­.

ICT SCRM Task Force in Action

In response to requirements in E.O. 13873, CISA and the ICT SCRM Task Force worked with industry and government partners on a number of items.

ICT SCRM Task Force: Small Business Week

These resources were developed by the ICT SCRM Task Force to address challenges commonly faced by SMBs.

ICT SCRM Task Force­ Resources

Please share your thoughts about the ICT Supply Chain Risk Management Task Force resources through this voluntary, anonymous Product Feedback Survey. We welcome your feedback! 

Software Acquisition Guide for Government Enterprise Consumers: Software Assurance in the Cyber-Supply Chain Risk Management (C-SCRM) Lifecycle

AUG 01, 2024 | PUBLICATION
The guide consolidates relevant software assurance guidance and frameworks into a single document and enables stakeholders to easily navigate through these requirements in a clear, concise manner.
View Files

ICT Supply Chain Risk Management Task Force Interim Report

DEC 17, 2020 | PUBLICATION
This report provides an overview of the Task Force and its first year’s efforts in addressing SCRM challenges such as information sharing; evaluating supply chain threats; identifying criteria for establishing Qualified Bidder Lists (QBL); and more.
Download File (PDF, 1.49 MB)

ICT Supply Chain Risk Management Task Force Year Two Report

DEC 17, 2020 | PUBLICATION
Provides an update on the ICT Supply Chain Risk Management Task Force’s progress in Year Two to advance meaningful partnerships and analysis around supply chain security and resilience.
Download File (PDF, 1.72 MB)

Building A More Resilient ICT Supply Chain: Lessons Learned During the COVID-19 Pandemic

DEC 17, 2020 | PUBLICATION
This analysis report examines how the COVID-19 pandemic impacted the logistical supply chains of ICT companies and provides recommendations on how organizations can increase their supply chain resilience from future risks.
View Files

Operationalizing Vendor Supply Chain Risk Management Template for Small and Medium-Sized Businesses and Excel

OCT 26, 2021 | PUBLICATION
Provides a set of questions regarding an ICT supplier/provider’s implementation and application of industry standards and best practices that can help small and medium-sized businesses guide supply chain risk planning in a standardized way.
View Files

Preliminary Considerations of Paths to Enable Improved Multi-Directional Sharing of Supply Chain Risk Information

SEP 21, 2021 | PUBLICATION
This product provides research by SMEs in addressing liability limitations to improve sharing of supply chain risk information among the federal government and private industry.
View Files

ICT Supply Chain Risk Management Task Force Threat Scenarios Report Versions 1, 2, and 3

AUG 02, 2021 | PUBLICATION
Provides practical, example-based guidance on supply chain risk management (SCRM) threat analysis and evaluation.
View Files

Mitigating ICT Supply Chain Risks with Qualified Bidder and Manufacturer Lists

APR 12, 2021 | PUBLICATION
This report provides organizations a list of evaluation criteria and factors that can be used to inform their decision to build or rely on a qualified list for the acquisition of ICT products and services while managing supply chain risks.
View Files

ICT SCRM Task Force Vendor Template

APR 12, 2021 | PUBLICATION
Provides a set of questions regarding an ICT supplier/provider’s implementation and application of industry standards and best practices that can help guide supply chain risk planning in a standardized way.
View Files

Securing Small and Medium-Sized Business (SMB) Supply Chains: A Resource Handbook to Reduce Information and Communication Technology Risks

JAN 26, 2023 | PUBLICATION
This handbook provides an overview of the highest supply chain risk categories commonly faced by ICT small and medium-sized businesses (SMBs), including cyber risks, and resources that can assist SMBs.
View Files

Hardware Bill of Materials (HBOM) Framework for Supply Chain Risk Management

SEP 25, 2023 | PUBLICATION
Provides a framework that includes a consistent naming methodology for attributes of components, a format for identifying and providing information about the different types of components, and guidance of what HBOM information is appropriate.
View Files

Empowering Small and Medium-Sized Businesses

OCT 11, 2023 | PUBLICATION
A Resource Guide that provides a valuable starting point for SMBs to develop and tailor an ICT SCRM plan that meets the needs of their business.
View Files

ICT Supply Chain Fact Sheets

Software Acquisition Guide Fact Sheet

OCT 02, 2024 | FACT SHEET
A fact sheet providing an overview and frequently asked questions associated with the Software Acquisition Guide for Government Enterprise Consumers: Software Assurance in the Cyber-Supply Chain Risk Management (C-SCRM) Lifecycle.
Download File (PDF, 540.4 KB)

Reducing ICT Supply Chain Risk in Small and Medium-Sized Businesses Fact Sheet

MAY 23, 2023 | FACT SHEET
A fact sheet that provides an overview of the Securing Small and Medium-Sized Business (SMB) Supply Chains: A Resource Handbook to Reduce Information and Communication Technology Risks.

Assisting Small and Medium-sized Businesses Assess Vendors and Suppliers Fact Sheet

APR 03, 2023 | FACT SHEET
A fact sheet that provides an overview of the ICT SCRM Task Force's resource, Operationalizing the Vendor Supply Chain Risk Management Template for Small and Medium-Sized Businesses (SMB), and how this guide can help SMBs assess the security posture.

Building More Resilient ICT Supply Chains Fact Sheet

APR 03, 2023 | PUBLICATION
A fact sheet that provides an overview of the ICT Supply Chain Risk Management (SCRM) Task Force's resource, Lessons Learned During the Covid-19 Pandemic Study and the practical recommendations that can support organizations and businesses with operational decisions.
Download File (PDF, 375.54 KB)

Mitigating ICT Supply Chain Risks with Qualified Bidder and Manufacturer Lists Fact Sheet

APR 03, 2023 | PUBLICATION
A fact sheet that provides an overview of the ICT SCRM Task Force's resource, Mitigating ICT Supply Chain Risks with Qualified Bidder and Manufacturer Lists, which provides risk-based recommendations surrounding the use of “Qualified Lists”.
Download File (PDF, 442.38 KB)

Sharing Supply Chain Risk Information to Increase Resilience Fact Sheet

APR 03, 2023 | PUBLICATION
A fact sheet that provides an overview of the report, Preliminary Considerations of Paths to Enable Improved Multi-Directional Sharing of Supply Chain Risk Information (SCRI), which details why sharing of SCRI is important.
Download File (PDF, 323.17 KB)

Procuring Safe and Secure ICT Products and Services Fact Sheet

APR 03, 2023 | PUBLICATION
A fact sheet that provides an overview of the ICT SCRM Task Force's resource, Vendor SCRM Template, which helps organizations and businesses assess the security posture of their vendors and suppliers in a standardized way.
Download File (PDF, 361.62 KB)

Hardware Bill of Materials (HBOM) Framework for Supply Chain Risk Management Fact Sheet

SEP 14, 2023 |
Learn more about the Hardware Bill of Materials (HBOM) Framework for Supply Chain Risk Management.
Download File (PDF, 377.75 KB)

Developing a Resilient SCRM Plan for Small and Medium-Sized Businesses Fact Sheet

OCT 11, 2023 | FACT SHEET
A fact sheet that provides an overview of the ICT SCRM Task Force’s resource Empowering SMBs: A Resource Guide for Developing a Resilient Supply Chain Risk Management Plan.

ICT SCRM Task Force Videos

CISA Releases Software Acquisition Guide for Government Enterprise Consumers

CISA Releases A Resource Guide for Developing a Resilient Supply Chain Risk Management Plan

CISA Releases Hardware Bill of Materials Framework (HBOM) for Supply Chain Risk Management (SCRM)

Mitigating ICT Supply Chain Risk for Small and Medium-sized Businesses

Evaluating Vendor and Supplier Trustworthiness

Improving Multi-Directional Sharing of Supply Chain Risk Information

CISA Releases A Resource Guide for Developing a Resilient Supply Chain Risk Management Plan

ICT SCRM Task Force Webinars

ICT SCRM Task Force Software Acquisition Guide Webinar - Part 2

Webinar: Enhancing Cyber Supply Chain Assurance—Implementation at the State Procurement Level

ICT SCRM Task Force Software Acquisition Guide Webinar - Part 1

CISA's Information and Communications Technology - Supply Chain Risk Management Webinar with ASL

ICT SCRM Task Force SMB webinar

CISA Webinar: Securing Small and Medium-Sized Business Supply Chains

CISA Webinar: Securing and Enhancing the ICT Supply Chain

ICT SCRM Task Force Conference Recordings

ICT SCRM Task Force Conference Recording PM Session

Related News

Latest news on the ICT Supply Chain Risk Management Task Force.

Feb 06, 2024
Press Release

CISA Announces Renewal of the Information and Communications Technology Supply Chain Risk Management Task Force

Oct 23, 2023
Press Release

CISA Releases New Resource to Help Small and Medium-Sized Businesses Develop Supply Chain Resilience Plans

Sep 25, 2023
Press Release

CISA Releases Hardware Bill of Materials Framework (HBOM) for Supply Chain Risk Management (SCRM)  

Jan 11, 2022
Press Release

ICT Supply Chain Risk Management Task Force Announces new members and Working Group

Aug 02, 2021
Press Release

CISA Announces Renewal of the Information and Communications Technology (ICT) Supply Chain Risk Management Task Force

Feb 04, 2021
Press Release

CISA Announces Extension of the Information and Communications Technology (ICT) Supply Chain Risk Management Task Force

Dec 17, 2020
Press Release

CISA Releases ICT Supply Chain Risk Management Task Force Year 2 Report

Contact

For questions or comments, email ict_scrm_taskforce@hq.dhs.gov.

Tags

Sector: Information Technology Sector
Topics: Information and Communications Technology Supply Chain Security
Return to top
  • Topics
  • Spotlight
  • Resources & Tools
  • News & Events
  • Careers
  • About
Cybersecurity & Infrastructure Security Agency
  • Facebook
  • X
  • LinkedIn
  • YouTube
  • Instagram
  • RSS
CISA Central 1-844-Say-CISA SayCISA@cisa.dhs.gov
DHS Seal
CISA.gov
An official website of the U.S. Department of Homeland Security
  • About CISA
  • Budget and Performance
  • DHS.gov
  • FOIA Requests
  • No FEAR Act
  • Office of Inspector General
  • Privacy Policy
  • Subscribe
  • The White House
  • USA.gov
  • Website Feedback