Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cybersecurity Supply Chain Risk Management C-SCRM

Federal C-SCRM Forum Participation and Email Listserv Information

Participation in the Forum, including events and online exchanges, is open to federal C-SCRM program managers or other federal personnel who have a dedicated and recurring responsibility for performing one or more C-SCRM functions. Federal contractors who provide direct C-SCRM programmatic support may also participate upon request by their federal sponsor and approval by the Forum co-hosts.

The Forum may establish working groups or study groups and welcomes all suggestions to the co-hosts.

NIST is hosting the Forum as part of its mandate under the SECURE Technology Act and the Federal Information Security Modernization Act. Jon Boyens and his team at NIST serve as co-hosts; administrative and logistical support is also provided by NIST.

Federal C-SCRM Forum Meetings

Please see the CSRC Events Page for upcoming Forum meetings and registration information. Staff who support information security programs at U.S. federal, state, and local government levels are welcome to attend.  

Contractors who support U.S. federal, state, and local government employees are also invited to attend Forum meetings. For contractors who do not have a valid .gov or .mil email address, their federal sponsor can send an email to asking that the contractor attend the Forum meeting.

Contractors cannot sponsor other contractors to attend Forum events or join the email listserv.  

Federal C-SCRM Forum Email Listserv

To join the Forum Email Listserv, subscribe at:

Participation in the Forum listserv is limited to U.S. federal, state, and local government employees who participate in the management of their organization’s information security program and have a .gov or .mil email address. Designated support contractors may also join the Forum listserv using a .gov or .mil email address. Requests from personal email addresses will not be approved.

To get a Google account affiliated with your .gov or .mil email, please see:

If your organization's firewall does not allow you to join via the above methods, email A moderator will approve your membership to the Forum. 

Procedural Instructions for Use of Federal C-SCRM Forum Email List:

  1. Use the listserv to share information and ask questions about cybersecurity and privacy issues only. Be aware that all list members receive an email anytime a message is sent to  
  2. PLEASE DO NOT ATTACH ZIP FILES NOR FILES LARGER THAN 10MB. We suggest that any such items be made available ‘upon request.’ 
  3. Members can post responses to listserv questions with the knowledge that all members will receive the response posted. 
  4. Please do not send out personal responses or comments to the list (e.g., “I concur," “thank-you,” etc.). These types of replies should be sent directly to the individual who posted the original message.
  5. NIST reserves the right to unsubscribe members who do not comply with the intent of the service that NIST has provided for Forum use.
  6. Users can manage their own email settings – including updating email addresses, email delivery settings, and unsubscribing – via the Google Group User


Supply Chain General Inquiries

Jon Boyens - Project Lead - NIST

Rebecca McWhite - Technical Lead - NIST

Jeff Brewer - NIST

sw.assurance Google Group

Created May 24, 2016, Updated June 20, 2024