ICT Supply Chain Risk Management (SCRM) Workshop

Federal agency information systems are increasingly at risk of both intentional and unintentional supply chain compromise due to the growing sophistication of information and communications technologies (ICT) and the growing speed and scale of a complex, distributed global supply chain. Federal departments and agencies currently lack sufficient visibility and control throughout the ICT supply chain, which makes it increasingly difficult for federal departments and agencies to understand their exposure and manage the associated supply chain risks. This, in turn, increases the risk of exploitation of the supply chain through a variety of means including counterfeit materials, malicious software, or untrustworthy products.

The ICT supply chain discipline is in an early stage of development with diverse perspectives on foundational ICT supply definitions and scope, disparate bodies of knowledge, and fragmented standards and best practice efforts. Additionally, there is a need to identify the available and needed tools, technology, and research related to ICT supply chain risk and better understand their benefits and limitations.

NIST seeks to engage all stakeholders to:

• 1) Discuss and develop the fundamental underpinnings of ICT SCRM (lexicon, taxonomy, scope, need, and development approach),
• 2) Evaluate current and needed commercially reasonable ICT SCRM practices and related standards,
• 3) Identify ICT SCRM tools, technology and resources, and
• 4) Identify current and needed research and identify and evaluate technologies, tools, techniques, best practices and standards useful in securing the ICT supply chain.

TBD.

Please note that there are now additional requirements for visitor vehicles entering the campus. When a Guest/Visitor checks in at the NIST Visitor Center at Gate A and intends to drive into the campus, they will have to show two documents: a Photo ID (State issued driver's license, Federal ID or passport) and a Vehicle Registration card. If a guest does not have a valid vehicle registration, they will be required to park at the Visitor Center and take the NIST Campus Shuttle. Visitors driving rental cars can show their rental agreement in lieu of vehicle registration.

Once you leave the Visitor Center, you will be asked to show the name badge you picked up and a photo ID before being admitted onto the campus.

The NIST Conference office coordinates security instructions with registered attendees directly.

ICT Supply Chain Risk Management
http://scrm.nist.gov/

= = = = =

NIST announces the Release of a Report by the University of Maryland on ICT supply chain initiatives and framework for defining architectures.

NIST is pleased to announce the release of a report by the University of Maryland's Supply Chain Management Center. The report, which stems from a NIST grant, inventories existing ICT supply chain initiatives and formulates a framework for defining ICT supply chain risk management (SCRM) architectures. The report builds on the work from a previous NIST grant to the University of Maryland, which profiles the ICT SCRM governance strategies and practices of over 200 key Federal government vendors. These reports will help guide NIST's work in the area of ICT SCRM. 

TBD.