Piloting Supply Chain Risk Management Practices for Federal Information Systems

Piloting Supply Chain Risk Management Practices for Federal Information Systems

Your supply chain is one of the most critical-and vulnerable-data pipelines for your organization. This policy document is a starting point for a broader initiative to lock down your supply chain to outside and inside threats.

Supply chain attacks may involve manipulating computing system hardware, software or
services at any point during the life cycle. Supply chain attacks are typically
conducted or facilitated by individuals or organizations that have access through
commercial ties, leading to stolen critical data and technology, corruption of the
system/infrastructure and/or disabling of mission-critical operations.

Organizations must assess and manage supply chain risks to ensure mission success.
The goal of this document is to help manage these supply chain risks by providing
organizations with a defense-in-breadth toolset of supply chain assurance programmatic
activities that the organization implements as well as general and technical
requirements that the organization can place in contractual documents. This document
represents a component of a broader supply chain risk management strategy that includes
a variety of policies, standards, regulatory changes and implementation frameworks.

The attached Zip file includes:

• Intro Page.doc
• Cover Sheet and Terms.doc
• Piloting Supply Chain Risk Management Practices for Federal Information
  Systems.pdf