April is National Supply Chain Integrity Month, and CISA is promoting a call to action to “Fortify The Chain”.
One of the key efforts for the Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force is identifying processes and criteria for threat-based evaluation of ICT suppliers, products, and services. In the latest release of the Threat Scenarios Report, Supplier, Products, and Services Threat Evaluation (to include Impact Analysis and Mitigation), Version 3.0, the Task Force used a threat evaluation methodology to add the assessment of threats and impacts to products and services in the supply chain, and to include scenario-specific impacts and mitigating controls in the supplier threat scenarios.
Acquisition professionals in government and industry can use this guidance during procurement or source selection to assess supply chain risks and develop practices/procedures to manage the potential impact of these threats. The report’s process and resulting narratives not only serve as a baseline evaluation of specific SCRM threats, but can also be used as additional guidance for applying the NIST Risk Management Framework.
Additionally, this process can be extended for evaluating products and services, as well as replicated for other critical infrastructure providers.
If you would like to learn more about making your manufacturing facility more resilient, contact your Local Solutions Consultant today to schedule a free consultation.