The ICT Supply Chain Risk Management (SCRM) fact sheet is a quick reference guide that companies and organizations can download or share to raise awareness of information and communications technology (ICT) supply chain risks and to help build a national culture of supply chain security.

Return to ICT Supply Chain Risk Management.

In response to Executive Order 13873, CISA's NRMC and the ICT Supply Chain Risk Management Task Force worked with government and industry partners to develop two resources that describe a standardized taxonomy of information and communications technology (ICT) elements; perform criti

The National Risk Management Center (NRMC) supports CISA’s Cyber and Infrastructure Security Mission by creating an environment where government and industry can collaborate within and across sectors to develop plans and solutions for reducing cyber and other systemic risks to national and economic security. NRMC turns analysis into action by developing risk management solutions

Any facility that possesses or plans to possess any of the chemicals of interest (COI) regulated under the Chemical Facility Anti-Terrorism Standards (CFATS) at or above a specified quantity or concentration must report their holdings to CISA.

This fact sheet explains how DHS uses the CISA Gateway to share certain CFATS data elements to improve coordination and information sharing with State and local governments, and community stakeholders.

The Department of Homeland Security (DHS), in coordination with relevant Sector Specific Agencies (SSAs), annually identifies and maintains a list of critical infrastructure entities that meet the criteria specified in Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity, Section 9(a) (“Section 9 entities”) utilizing a risk-based approach. Section 9 entities are defined as “critical infrastructure where a cybersecurity incident could reasonably result in catastrophic regional or national effects on public health or safety, economic security, or national security.”