Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cybersecurity Supply Chain Risk Management C-SCRM

Federal Cyber Supply Chain Risk Management Forum

The Federal C-SCRM Forum fosters collaboration and the exchange of cybersecurity supply chain risk management (C-SCRM) information among federal organizations to improve the security of federal supply chains.

Through periodic meetings and informal exchanges, the Forum offers all agencies that depend upon or guide C-SCRM an opportunity to discuss issues of interest with – and to inform – many of those leading C-SCRM efforts in the federal ecosystem, including the Office of Management and Budget (OMB), the Department of Defense (DOD), the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), the General Services Administration (GSA), and the National Institute of Standards and Technology (NIST). The Forum is hosted by NIST.

The Forum is open to all federal employees (and direct contract support) who have a dedicated and recurring responsibility for performing one or more C-SCRM functions. Participation is highly encouraged for personnel with C-SCRM roles and responsibilities, across a broad spectrum of discipline areas, including but not limited to: acquisition, information technology management, software development, engineering, information security, legal, enterprise risk management, logistics, and mission/program officials.  


  • Offer an ongoing opportunity for federal practitioners of C-SCRM to strengthen their relationships and share information with peers and policy makers
  • Build upon the experience and lessons learned from others, and gain greater situational awareness across multiple domains by drawing on a large pool of diverse expertise
  • Promote awareness and a common understanding of C-SCRM terms, authorities, functions, and key roles and responsibilities
  • Facilitate the dissemination of useful C-SCRM aids, templates, and reference materials
  • Increase knowledge and capabilities by providing a venue wherein participants can learn about the latest advancements in cyber supply chain standards, practices, tools, and technologies
  • Increase transparency and streamline efforts by identifying areas of common need and promoting the development and use of viable, common solutions and shared services
  • Inform OMB, DOD, CISA, ODNI, GSA, and NIST priorities, policies, tools, and guidance for federal work on C-SCRM

Federal C-SCRM Forum Participation & Email ListServ Information


Supply Chain General Inquiries

Jon Boyens - Project Lead - NIST

Rebecca McWhite - Technical Lead - NIST

Jeff Brewer - NIST

sw.assurance Google Group

Created May 24, 2016, Updated May 06, 2024