ICT Supply Chain Risk Management Task Force Threat Scenarios Report Versions 1, 2, and 3

The objective of the Threat Scenarios Report is to provide practical, example-based guidance on supply chain risk management (SCRM) threat analysis and evaluation. Acquisition professionals in government and industry can use this guidance during procurement or source selection to assess supply chain risks and develop practices/procedures to manage the potential impact of these threats.

In February 2020, the ICT SCRM Task Force released an initial report on Threat Scenarios focused specifically on “suppliers.” After evaluating close to 200 supply chain threats, these threats were compartmentalized into nine supplier threat categories to aid in the evaluation and development of scenarios intended to provide insights into the processes and criteria for conducting supplier threat assessment. Each scenario includes the threat, source(s) or actor(s), outcome, mitigating strategies, and more information.

Version 2 released in February 2021 adds the assessment of impacts and mitigating controls to the supplier threat scenarios originally provided. It also includes threat mitigation strategies and SCRM controls that may reduce the impact of these threats.

Version 3 adds the assessment of products and services and includes scenario-specific impacts and mitigating controls to the supplier threat scenarios.

These reports are provided "as is" for informational purposes only and serve as a baseline evaluation of risks to ICT suppliers.

We welcome your feedback! Please share your thoughts about these products through this voluntary, anonymous Product Feedback Survey.