The Cybersecurity and Infrastructure Security Agency’s (CISA) Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force approved a new working group to develop SCRM frameworks and best practices.
“The goal is to empower stakeholders across the ICT ecosystem to make risk-informed decisions that increase trust across their supply chains,” Bob Kolasky, SCRM Task Force co-chair and assistant director for CISA’s National Risk Management Center, said in a Dec. 18 press release.
The working group will develop SCRM guidance around supplier risk, lifecycle management, cybersecurity, and more to help organizations address supply chain challenges. The new group will be a part of the larger SCRM Task Force addressing ICT supply chain concerns.
“The new Task Force working group will focus on developing actionable recommendations that will help private sector entities of all sizes demonstrate the effectiveness and accountability of their supply chain security programs and practices,” John Miller, Task Force co-chair and senior vice president of Policy at the Information Technology Industry Council, explained.
SCRM Task Force’s other four working groups address timely sharing of supply chain risks, evaluation of supply chain threats, establishment of Qualified Bidder Lists and Qualified Manufacturer Lists, and policy recommendations for incentivizing the purchase of ICT from original manufacturers.