The Cybersecurity and Infrastructure Security Agency published a resource guide to help small- and medium-sized information and communications technology businesses develop a supply chain resilience plan.
The guidance provides recommendations to create a risk management plan that includes a list of critical suppliers, supplier diversity initiatives and a vendor attestation process, CISA said Monday.
The resource guide was formulated by the ICT SCRM Task Force, which has a subgroup specializing in small business needs. According to the task force, ICT enterprises should identify risks related to hardware and software used in operations, set up an alert for scheduled patches and updates and determine the end-of-life of the systems so that they can prepare for a timely transition or upgrade.
The experts also emphasized the importance of service level agreements and regular auditing and monitoring of the performance of their vendors to maintain product and service quality.
“In acknowledging the resource challenges faced by small and medium-sized businesses amidst today’s complex supply chain risks, we’re committed to offering vital support,” said Mona Harrington, CISA assistant director for the National Risk Management Center.
The Potomac Officers Club will host the 2023 Homeland Security Summit on Nov. 15. Registration is now open.
