CISA’s ICT Supply Chain Risk Management (SCRM) Task Force is pleased to share two new resources that can help organizations and businesses assess the trustworthiness of their vendors and suppliers:
Mitigating ICT Supply Chain Risks with Qualified Bidder and Manufacturer Lists: In a digitally connected world, protecting your organization’s information requires understanding not only your immediate supply chain, but also the extended supply chains of your vendors and suppliers. This report provides organizations with a list of criteria and factors that can be used to inform an organization’s decision to build or rely on a qualified list for the acquisition of ICT products and services.
Vendor SCRM Template: This template provides a set of questions regarding an ICT supplier/provider’s implementation and application of industry standards and best practices that can help guide supply chain risk planning in a standardized way. The template provides organizations clarity for reporting and vetting processes when purchasing ICT hardware, software, and services. The Task Force would like to pilot the template with all interested parties to ascertain the usefulness of the product. Should you wish to participate in the pilot program, please email us.
We hope that you find these products to be helpful in enhancing your organization’s supply chain resilience. Please email us if you are interested in having a Task Force member speak with your organization about its products or on how to incorporate any of the products into your organization’s security program. For additional free, voluntary resources and information on how to reduce the impact of supply chain risk, visit CISA's Supply Chain Risk Management Toolkit. In addition, please view the video below to learn more about the Qualified Bidder and Manufacturers Lists and the Vendor SCRM Template.
Video: Evaluating Vendor and Supplier Trustworthiness