Take a sneak peek at the new NIST.gov and let us know what you think!
(Please note: some content may not be complete on the beta site.).

View the beta site
NIST logo
Bookmark and Share

ICT Supply Chain Risk Management (SCRM) Workshop


(Updated 10/25/12 -- See below under Agenda, you will find a link to the final agenda and workshop presentations in same PDF file.)

Risk from the information and communications technology (ICT) supply chain is widely recognized as a principle concern for federal departments and agencies. This risk is seen as the cumulative effect of the growing sophistication of ICT, mounting scale of information systems, and growing speed and complexity of a distributed global supply chain. Federal departments and agencies currently lack sufficient visibility and control throughout the ICT supply chain, which makes it increasingly difficult for federal departments and agencies to understand their exposure and manage the associated supply chain risks. This, in turn, increases the risk of exploitation of the supply chain through a variety of means including counterfeit materials, malicious software, or untrustworthy products.

There is a great demand from federal departments and agencies for supply chain risk management (SCRM) guidance. However, the ICT supply chain discipline is in an early stage of development with diverse perspectives on foundational ICT supply definitions and scope, disparate bodies of knowledge, and fragmented standards and best practice efforts. Additionally, there is a need to identify the available and needed tools, technology, and research related to ICT supply chain risk and better understand their benefits and limitations.

NIST seeks to engage all stakeholders to:

  • 1) Discuss the fundamental underpinnings of ICT SCRM (terms, definitions, characterizations),
  • 2) Identify and evaluate current and needed commercially reasonable ICT SCRM-related standards and practices (need, scope, and development approach),
  • 3) Identify current and needed ICT SCRM tools, technology and techniques useful in securing the ICT supply chain, and
  • 4) Identify current and needed research and resources.

All interested stakeholders are invited to participate. Results of this workshop will help direct future NIST efforts in the area of ICT SCRM.

Related Project(s):

ICT Supply Chain Risk Management

= = = = =

NIST announces the Release of a Report by the University of Maryland on ICT supply chain initiatives and framework for defining architectures.

NIST is pleased to announce the release of a report by the University of Maryland's Supply Chain Management Center. The report, which stems from a NIST grant, inventories existing ICT supply chain initiatives and formulates a framework for defining ICT supply chain risk management (SCRM) architectures. The report builds on the work from a previous NIST grant to the University of Maryland, which profiles the ICT SCRM governance strategies and practices of over 200 key Federal government vendors. These reports will help guide NIST's work in the area of ICT SCRM. 


Start Date: Monday, October 15, 2012
End Date: Tuesday, October 16, 2012
Location: NIST/Gaithersburg, MD
Audience: Industry, Government, Academia
Format: Workshop


Computer Security Division


Registration Contact:

NIST Conference Office:
Mary Lou Norris, marylou.norris@nist.gov, 301-975-2002
Teresa Vicente, teresa.vicente@nist.gov  

Billing / registration (Federal Business Council (FBC)) - Note: FBC handles all of NIST's event billing and on-line registrations.
George Hall, george@fbcinc.com, 800-878-2940 x208

Technical Contact:

Celia Paulsen, celia.paulsen@nist.gov, 301-975-5981
Jon Boyens, jon.boyens@nist.gov, 301-975-5549