ICT Supply Chain Risk Management Task Force
In December 2018, the Department of Homeland Security established the ICT SCRM Task Force—a public-private partnership charged with identifying challenges and developing actionable solutions to enhance global ICT supply chain resilience. Composed of federal government and industry representatives from across the Information Technology and Communications Sectors, the Task Force serves as the Agency’s center of gravity for supply chain risk management partnership activity.
While ICT products and services have allowed for a rapid and dramatic change in how we work, learn, and socialize, it also presents broad attack surfaces for adversaries to find innovative ways to potentially infiltrate, exploit, and/or corrupt equipment, systems, and information used every day by the government, industry, and private citizens. Recognizing the importance of securing ICT supply chains, on May 15, 2019, the Executive Order (E.O.) 13873 on Securing the Information and Communications Technology and Services Supply Chain was signed into law. E.O. 13873 directs the federal government to strengthen efforts to prevent foreign adversaries from exploiting vulnerabilities in the ICT supply chain and protect the vast amount of sensitive information being stored in and communicated through ICT products and services.
CISA is well positioned to synchronize interagency supply chain efforts across the Department to build resilience by enhancing coordination and collaboration with the private sector through the ICT SCRM Task Force. Learn more about CISA's E.O. 13873 response efforts.
March 2023: We welcome your feedback! Please share your thoughts about one or more of the ICT SCRM Task Force products through this voluntary, anonymous Product Feedback Survey.
ICT SCRM Task Force Year 3 Activities
The Task Force's current efforts include:
Hardware Bills of Materials (HBOM) Working Group, which will identify use cases for HBOMs and develop a taxonomy for HBOM data fields that could help inform the development of related guidance.
Small and Medium-sized Businesses Working Group, which will continue to develop guidance for the small and medium-sized community to assist with their establishment and conduct of supply chain risk management programs and policies.
Software Assurance Working Group, which will develop a Buyer's Guide that will help ensure that buyers, suppliers, and acquisition specialists refer to one piece of guidance that includes all important documentation regarding the implementation, security, and reliability of software assurance as well as the risks that can arise.
Product Marketing Working Group, which will undertake a marketing campaign to increase stakeholders’ awareness of the Task Force and its products, as well as engage with stakeholders to gather feedback on the Task Force’s products.
ICT SCRM Task Force Members
A diverse range of representatives from large and small private sector organizations within the IT and Communications sectors, ICT associations, and federal agencies.
ICT SCRM Task Force Resources
These resources and tools were developed by the ICT Supply Chain Risk Management (SCRM) Task Force.
ICT SCRM Task Force in Action
In response to requirements in E.O. 13873, CISA and the ICT SCRM Task Force worked with industry and government partners on a number of items.
ICT SCRM Task Force Resources
Please share your thoughts about the ICT Supply Chain Risk Management Task Force resources through this voluntary, anonymous Product Feedback Survey. We welcome your feedback!
ICT Supply Chain Risk Management Task Force Interim Report
ICT Supply Chain Risk Management Task Force Year Two Report
Building A More Resilient ICT Supply Chain: Lessons Learned During the COVID-19 Pandemic
Operationalizing Vendor Supply Chain Risk Management Template for Small and Medium-Sized Businesses and Excel
Preliminary Considerations of Paths to Enable Improved Multi-Directional Sharing of Supply Chain Risk Information
ICT Supply Chain Risk Management Task Force Threat Scenarios Report Versions 1, 2, and 3
Mitigating ICT Supply Chain Risks with Qualified Bidder and Manufacturer Lists
ICT SCRM Task Force Vendor Template
Securing Small and Medium-Sized Business (SMB) Supply Chains: A Resource Handbook to Reduce Information and Communication Technology Risks
ICT SCRM Task Force Videos
For questions or comments, email email@example.com.