(Updated 10/25/12: see below under Agenda for a link to the final agenda and the workshop presentations, which are in the same PDF file.)
Risk from the information and communications technology (ICT) supply chain is widely recognized as a principal concern for federal departments and agencies. This risk is seen as the cumulative effect of the growing sophistication of ICT, mounting scale of information systems, and growing speed and complexity of a distributed global supply chain. Federal departments and agencies currently lack sufficient visibility and control throughout the ICT supply chain, which makes it increasingly difficult for them to understand their exposure and manage the associated supply chain risks. This, in turn, increases the risk of exploitation of the supply chain through a variety of means including counterfeit materials, malicious software, or untrustworthy products.
There is a great demand from federal departments and agencies for supply chain risk management (SCRM) guidance. However, the ICT supply chain discipline is in an early stage of development with diverse perspectives on foundational ICT supply definitions and scope, disparate bodies of knowledge, and fragmented standards and best practice efforts. Additionally, there is a need to identify the available and needed tools, technology, and research related to ICT supply chain risk and better understand their benefits and limitations.
NIST seeks to engage all stakeholders to:
All interested stakeholders are invited to participate. Results of this workshop will help direct future NIST efforts in the area of ICT SCRM.
Final Agenda AND Links to Presentations - 10/25/12
ICT Supply Chain Risk Management
= = = = =
NIST announces the release of a report by the University of Maryland on ICT supply chain initiatives and a framework for defining architectures.
NIST is pleased to announce the release of a report by the University of Maryland's Supply Chain Management Center. The report, which stems from a NIST grant, inventories existing ICT supply chain initiatives and formulates a framework for defining ICT supply chain risk management (SCRM) architectures. The report builds on the work from a previous NIST grant to the University of Maryland, which profiles the ICT SCRM governance strategies and practices of over 200 key Federal government vendors. These reports will help guide NIST's work in the area of ICT SCRM.
Start Date: Monday, October 15, 2012
End Date: Tuesday, October 16, 2012
Location: NIST/Gaithersburg, MD
Audience: Industry, Government, Academia
Computer Security Division
Billing / registration (Federal Business Council (FBC)) - Note: FBC handles all of NIST's event billing and on-line registrations.