Supply Chain Risk Management (SCRM) and Cybersecurity Supply Chain Risk Management (C-SCRM) have gained increased attention recently as several high-profile incidents compromised a number of federal systems. In the wake of those incidents, the White House, the Cybersecurity and Infrastructure Security Agency and the National Institute for Standards and Technology have all stepped in to provide new guidance and tools for agencies to improve their approaches to supply chain security.
New reports from the General Accounting Office give a picture of how agencies are progressing in adopting the new measures, and NIST has developed a new tool to help agencies understand where the risk is and how to combat it. Since vulnerabilities can affect both software and hardware, third-party risk is the greatest threat, and agencies are looking for help in creating a digital footprint and identifying where in the supply chain the risk dwells.
Groups across the federal government are approaching problems associated with the supply chain, the cyber hygiene of the nation’s industrial base, and the impact on federal buyers of Information and Telecommunication Technology and Audio Visual products, services, and solutions. This program is designed to share best practices, to have meaningful dialogue about the complexities of SCRM, and to provide value-added information for federal buyers across government.
Attendees will come away from this forum with a better understanding of:
- What the new Executive Orders mean for agencies
- How to identify what is in the supply chain and apply defense to highest risk areas
- The role of the National Risk Management Center and where to find guidance and help to reduce supply chain risk
- How to apply the definitions of critical software categories
- The Federal Acquisition Security Council’s role in improving supply chain security
- What deadlines agencies must meet going forward