ICT Supply Chain Risk Management (SCRM) Workshop

Federal agency information systems are increasingly at risk of both intentional and unintentional supply chain compromise due to the growing sophistication of information and communications technologies (ICT) and the growing speed and scale of a complex, distributed global supply chain. Federal departments and agencies currently lack sufficient visibility and control throughout the ICT supply chain, which makes it increasingly difficult for federal departments and agencies to understand their exposure and manage the associated supply chain risks. This, in turn, increases the risk of exploitation of the supply chain through a variety of means including counterfeit materials, malicious software, or untrustworthy products.

The ICT supply chain discipline is in an early stage of development with diverse perspectives on foundational ICT supply definitions and scope, disparate bodies of knowledge, and fragmented standards and best practice efforts. Additionally, there is a need to identify the available and needed tools, technology, and research related to ICT supply chain risk and better understand their benefits and limitations.

NIST seeks to engage all stakeholders to:

• 1) Discuss and develop the fundamental underpinnings of ICT SCRM (lexicon, taxonomy, scope, need, and development approach),
• 2) Evaluate current and needed commercially reasonable ICT SCRM practices and related standards,
• 3) Identify ICT SCRM tools, technology and resources, and
• 4) Identify current and needed research and identify and evaluate technologies, tools, techniques, best practices and standards useful in securing the ICT supply chain.

TBD

ICT Supply Chain Risk Management
http://scrm.nist.gov/

= = = = =

NIST announces the Release of a Report by the University of Maryland on ICT supply chain initiatives and framework for defining architectures.

NIST is pleased to announce the release of a report by the University of Maryland's Supply Chain Management Center. The report, which stems from a NIST grant, inventories existing ICT supply chain initiatives and formulates a framework for defining ICT supply chain risk management (SCRM) architectures. The report builds on the work from a previous NIST grant to the University of Maryland, which profiles the ICT SCRM governance strategies and practices of over 200 key Federal government vendors. These reports will help guide NIST's work in the area of ICT SCRM. 

TBD