In 2018, the Cybersecurity and Infrastructure Security Agency (CISA) established the Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force as a public-private joint effort to build partnerships and enhance ICT supply chain resilience.
The Task Force is dedicated to identifying threats and developing solutions that enhance resilience by reducing the attack surface of critical infrastructure. This diverse group is well positioned to evaluate existing practices and improve them by supplementing existing standards and frameworks with up-to-date practical advice.
The working groups are the core of the Task Force. They are created and disbanded as needed to address core areas of the cyber supply chain. Some of the working groups have concentrated on areas such as:
- The legal risks of information sharing
- Evaluating supply chain threats
- Identifying criteria for building Qualified Bidder Lists and Qualified Manufacturer Lists
- The impacts of the COVID-19 pandemic on supply chains
- Creating a vendor supply chain risk management template
Every week, CISA promotes resources, tools, and information, including those developed by the public-private ICT SCRM Task Force:
- Week 1: Building Collective Supply Chain Resilience
- Week 2: Assessing ICT Trustworthiness
- Week 3: Understanding Supply Chain Threat
- Week 4: Knowing the Essentials
Links:
- https://www.rapid7.com/blog/post/2022/03/14/an-inside-look-at-cisas-supply-chain-task-force/
- https://www.cisa.gov/supply-chain-integrity-month