Very happy to see this important work continuing until 2026.
This Task Force has been very productive, and it is a model for how public-private partnerships are supposed to work. This is a testament to all the good work that CISA NRMC is doing and will continue to do into the future. Here is a sampling of the key deliverables provided by the Task Force:
In 2023, the Task Force released three products, including:
· Small and Medium-Sized Businesses (SMB) Resource Handbook. This Handbook provides an overview of the most critical supply chain risk categories commonly faced by ICT SMBs and provides resources that can help SMBs mitigate these risks.
· Empowering Small and Medium-Sized Businesses Resource Guide. This Guide offers businesses the tools to develop an actionable supply chain risk management plan to mitigate the risk of disruption to their supply chain, enhance supply chain resilience, and satisfy requests from stakeholder procurement processes.
· Hardware Bill of Materials (HBOM) Framework for Supply Chain Risk Management. This product provides a baseline Framework for organizations to consider when building their own HBOM. The Framework includes a consistent naming methodology for attributes of components, a format for identifying and providing information about the different types of components, and guidance on what HBOM information is appropriate depending on the purpose for which the HBOM will be used.
The Task Force is also working on a Software Acquisition Buyers Guide that aims to help federal procurement officials and software suppliers satisfy secure-by-design initiatives by providing guidance on properly implementing the NIST guidance provided by OMB to satisfy the Executive Order 14028 requirements identified in the CISA "Common Attestation Form". The Software Assurance Buyers Guide is currently in draft form and is expected to be officially published this year.
Hoping the Task Force will be able to provide the public with tools that give "radical transparency" into the trustworthiness of digital products, especially software available over the Internet.