The Cybersecurity and Infrastructure Security Agency (CISA) has released a report stating the progress of its task force on protecting the Information and Communications Technology (ICT) supply chain over the past two years.
CISA said in the report that the ICT Supply Chain Risk Management Task Force was able to develop reference material for information sharing across the industrial base and create a working group focused on assessing COVID-19 impacts on the ICT supply chain.
The task force also updated its Threat Evaluation Report for identifying and mitigating threats to suppliers, established SCRM compliance assessment templates and reached out to supply-chain programs suitable for task-force coordination.
Other SCRM developments include helping build the foundation for vendor assurance mechanisms such as lists for qualified manufacturers and bidders. CISA noted in the report that it seeks to strengthen partnerships with the government, industry and other relevant entities in ICT security moving forward.
“[ICTs] are integral for the daily operations of the American economy and national security,” the report states.
“Vulnerabilities in the ICT supply chain, composed of hardware, software, and services from third-party vendors, suppliers, service providers, and contractors, could affect all users of that technology. ICT components are also the foundational building blocks of a broad range of critical infrastructure systems.”