NCSC works with its partners to assess and mitigate the activities of foreign intelligence entities and other adversaries who attempt to compromise the supply chains of our government and industry. These adversaries exploit supply chain vulnerabilities to steal America’s intellectual property, corrupt our software, surveil our critical infrastructure, and carry out other malicious activities. They infiltrate trusted suppliers and vendors to target equipment, systems, and information used every day by the government, businesses, and individuals. The cost to our nation comes not only in lost innovation, jobs, and economic advantage, but also in reduced U.S. military strength.
RELEVANT REPORTS, BRIEFINGS & READING MATERIAL
(New) Podcast on Cyber & Supply Chain Threats to the Health Care Sector
(New) Supply Chain Risk Management: Reducing Threats to Key U.S. Supply Chains
Supply Chain – Are you at Risk?
- Software Supply Chain Attack graphic (PDF)
- 2018 Foreign Economic Espionage in Cyberspace report (PDF)
Supply Chain Risk Management (SCRM) – Don’t Be the Weakest
Link!
- NCSC Bakers’ Dozen – 13 Elements of an Effective SCRM Program (PDF)
- NCSC SCRM Framework for Assessing Risk (PDF)
- NCSC SCRM Best Practices (PDF)
- Intelligence Community Logistics and SCRM (PDF)
- NCSC Supply Chain Risk Management video
- NCSC Federal Partner Newsletter : National Supply Chain Integrity Month (PDF)
- Deliver Uncompromised report (PDF)
Thought Leaders: Supply Chain Security
5G Wireless Technology
- State Department 5G Technology Website
- State Department Fact Sheet: 5G Security – What is Trust?
- State Department Fact Sheet: 5G Security – Incredible Promise, Significant Risk
- State Department 5G Technology Video
- DHS 5G Wireless Networks Graphic: Market Penetration and Risk Factors
Supply Chain Risk Management – Authorities, Policies, and
Standards
- SECURE Technology Act: Establishment of the Federal Acquisition Security Council
- Federal Acquisition Security Council overview (PDF)
- Federal Acquisition Supply Chain Security Act graphic (PDF)
- H.R.7327 SECURE Technology Act (PDF)
- NIST Special Publication 800-161 (PDF)
- ICD 731, Supply chain Risk Management for the Intelligence Community (PDF)
- Executive Order 13806 report (PDF)
Tools
Supply Chain Resources
- Department of Defense resources
- Department of Homeland Security resources
- UK National Cyber Security Centre resources
Additional Resources
- National Cyber Strategy of the United States - September 2018 (PDF)
- National Security Strategy 2017 (PDF)
- National Counterintelligence Strategy 2016 (PDF)
- Supply Chain Risk Management Practices for Federal Information Systems and Organizations (PDF)
- Supply Chain Risk Management CNSSD 505
- Defense Science Board (DSB) Task Force Report on Cyber Supply Chain
- DNI ICD 731 Supply Chain Risk Management 20131207 (PDF)
- DNI ICD 731-01 Supply Chain Criticality Assessment 20151002 (PDF)
- DNI ICD 731-02 Supply Chain Threat Assessments 20160517 (PDF)
- DNI ICD 731-03 Supply Chain Information Sharing (PDF)