The Cybersecurity and Infrastructure Security Agency has released an interim report providing updates on the activities of a task force created in 2018 to help assess and manage risks to the information and communications technology supply chain.
The ICT supply chain risk management task force has four working groups with specific areas of focus, the Department of Homeland Security’s CISA said. The first working group focuses on the sharing of actionable data about supply chain risks, while the second group deals with the evaluation of supply chain threats.
The two other working groups center their efforts on the identification of structures, processes and criteria for establishing Qualified Manufacturer Lists and Qualified Bidder Lists and development of policy recommendations to incentivize the procurement of ICT from authorized resellers and original equipment manufacturers.
Bob Kolasky, assistant director for CISA’s national risk management center, said at the CISA Cybersecurity Summit the ICT task force will kick off discussions about risk management challenges facing small- and medium-sized enterprises.