{Dec. 2012} -- NIST is pleased to announce a report by the University of Maryland’s Supply Chain Management Center: Proof of Concept for an Enterprise ICT SCRM Assessment Package
{Oct. 15-16, 2012} -- NIST held a workshop on ICT SCRM in Gaithersburg, MD to discuss securing the ICT supply chain.
{Oct. 12, 2012} -- NIST Interagency Report (NIST IR) 7622, Notional Supply Chain Risk Management Practices for Federal Information Systems, was published.
General Inquiries
scrm-nist@nist.gov
Jon Boyens
Project Lead
boyens@nist.gov
301-975-5549
Celia Paulsen
Technical Lead
celia.paulsen@nist.gov
301-975-5981
The Information and Communications Technology (ICT) supply chain is a globally distributed, interconnected set of organizations, people, processes, services, products, and other elements. It extends across the full Systems Development Life Cycle including Research and Development (R&D), design, acquisition of custom or Commercial-off-the-Shelf (COTS) products, delivery, integration, operations, and disposal/retirement.
Federal agency information systems, which rely on COTS hardware and software, are increasingly at risk of both intentional and unintentional supply chain compromise due to the growing sophistication of ICT products and the growing speed and scale of a complex, distributed global supply chain. Federal agencies increasingly lack understanding, visibility and control of the processes and practices used to create and deliver hardware and software products and services that are contracted out, especially beyond the prime contractor. This deficiency increases the risk of exploitation of supply chain vulnerabilities and makes it increasingly difficult for Federal agencies to understand and manage their supply chain risks. Some of the threats to the ICT supply chain include counterfeit materials, malicious software, and untrustworthy products.
NIST is working with government, industry, academia, and other stakeholders to identify and evaluate technologies, tools, techniques, best practices and standards useful in securing the ICT supply chain. NIST will use this information to develop SCRM tools and a Special Publication on ICT SCRM Best Practices.