Paper and FAQs on Executive Order 13873 Response: Methodology for Assessing the Most Critical ICT and Services and FAQs Document

Revision Date

In response to Executive Order 13873, CISA's and the ICT Supply Chain Risk Management Task Force worked with government and industry partners to develop two resources that describe a standardized taxonomy of information and communications technology (ICT) elements; perform criticality assessments on the ICT elements with appropriate stakeholder input; and assess the national security risks stemming from vulnerabilities in ICT hardware, software, and services, including components enabling 5G communication.

Please note that these resources are provided "as is" informational purposes only. This methodology can be used as an input to a risk assessment, but by itself is not sufficient for a comprehensive review of risk.