ICT Supply Chain Risk Management Task Force
In December 2018, the Department of Homeland Security established the ICT SCRM Task Force—a public-private partnership charged with identifying challenges and developing actionable solutions to enhance global ICT supply chain resilience. Composed of federal government and industry representatives from across the Information Technology and Communications Sectors, the Task Force serves as the Agency’s center of gravity for supply chain risk management partnership activity.
While ICT products and services have allowed for a rapid and dramatic change in how we work, learn, and socialize, it also presents broad attack surfaces for adversaries to find innovative ways to potentially infiltrate, exploit, and/or corrupt equipment, systems, and information used every day by the government, industry, and private citizens. Recognizing the importance of securing ICT supply chains, on May 15, 2019, the Executive Order (E.O.) 13873 on Securing the Information and Communications Technology and Services Supply Chain was signed into law. E.O. 13873 directs the federal government to strengthen efforts to prevent foreign adversaries from exploiting vulnerabilities in the ICT supply chain and protect the vast amount of sensitive information being stored in and communicated through ICT products and services.
CISA is well positioned to synchronize interagency supply chain efforts across the Department to build resilience by enhancing coordination and collaboration with the private sector through the ICT SCRM Task Force. Learn more about CISA's E.O. 13873 response efforts.
Product Survey Feedback
We welcome your feedback! Please share your thoughts about one or more of the ICT SCRM Task Force products through this voluntary, anonymous Product Feedback Survey.
ICT SCRM Task Force Year 3 Activities
The Task Force embodies CISA’s collective defense approach to enhance the ICT supply chain resilience. Members will continue to explore means for building partnerships with international partners, additional critical infrastructure sectors, and stakeholders who can help grow the applicability and utilization of Task Force products as well as support the Federal Acquisition Security Council (FASC).
The Task Force's current efforts include:
Hardware Bills of Materials (HBOM) Working Group, which will identify use cases for HBOMs and develop a taxonomy for HBOM data fields that could help inform the development of related guidance.
Small and Medium-sized Businesses Working Group, which will continue to develop guidance for the small and medium-sized community to assist with their establishment and conduct of supply chain risk management programs and policies.
Software Assurance Working Group, which will develop a Buyer's Guide that will help ensure that buyers, suppliers, and acquisition specialists refer to one piece of guidance that includes all important documentation regarding the implementation, security, and reliability of software assurance as well as the risks that can arise.
Product Marketing Working Group, which will undertake a marketing campaign to increase stakeholders’ awareness of the Task Force and its products, as well as engage with stakeholders to gather feedback on the Task Force’s products.
ICT SCRM Task Force Members
A diverse range of representatives from large and small private sector organizations within the IT and Communications sectors, ICT associations, and federal agencies.
ICT SCRM Task Force Resources
These resources and tools were developed by the ICT Supply Chain Risk Management (SCRM) Task Force.
ICT SCRM Task Force in Action
In response to requirements in E.O. 13873, CISA and the ICT SCRM Task Force worked with industry and government partners on a number of items.
ICT SCRM Task Force Resources
Please share your thoughts about the ICT Supply Chain Risk Management Task Force resources through this voluntary, anonymous Product Feedback Survey. We welcome your feedback!
ICT Supply Chain Risk Management Task Force Interim Report
ICT Supply Chain Risk Management Task Force Year Two Report
Building A More Resilient ICT Supply Chain: Lessons Learned During the COVID-19 Pandemic
Operationalizing Vendor Supply Chain Risk Management Template for Small and Medium-Sized Businesses and Excel
Preliminary Considerations of Paths to Enable Improved Multi-Directional Sharing of Supply Chain Risk Information
ICT Supply Chain Risk Management Task Force Threat Scenarios Report Versions 1, 2, and 3
Mitigating ICT Supply Chain Risks with Qualified Bidder and Manufacturer Lists
ICT SCRM Task Force Vendor Template
Securing Small and Medium-Sized Business (SMB) Supply Chains: A Resource Handbook to Reduce Information and Communication Technology Risks
ICT Supply Chain Fact Sheets
Reducing ICT Supply Chain Risk in Small and Medium-Sized Businesses Fact Sheet
Assisting Small and Medium-sized Businesses Assess Vendors and Suppliers Fact Sheet
Building More Resilient ICT Supply Chains Fact Sheet
Mitigating ICT Supply Chain Risks with Qualified Bidder and Manufacturer Lists Fact Sheet
Sharing Supply Chain Risk Information to Increase Resilience Fact Sheet
Procuring Safe and Secure ICT Products and Services Fact Sheet
ICT SCRM Task Force Videos
For questions or comments, email firstname.lastname@example.org.