Date Published: December 2011
University of Maryland, Robert H. Smith School of Business
Under Initiative 11 of the President’s CNCI Program, the National Institute of Standards and Technology (NIST) has been tasked with supporting federal policy development in Supply Chain Risk Management (SCRM) for Information Communications Technology (ICT).
To support NIST’s work, the Supply Chain Management Center of the Robert H. Smith School of Business at the University of Maryland College Park was awarded a grant in August 2011. Our project attempted to inventory the proliferating array of existing industry and public sector initiatives across diverse ICT segments (software, hardware, networks and system integration services).
It also formulated an ICT SCRM community framework capable of embracing the processes and practices defined in these various initiatives within a single risk management architecture. This framework has three tiers: enterprise risk governance, system integration and operations. Within each tier, we defined a core set of attributes or distinct organizational capabilities.
This framework conferred two broad capabilities, defense in breadth and defense in depth, and was intended to enable each of the initiatives to better understand its own relative positioning in the ICT SCRM ecosystem; to highlight distinctive capabilities of and complementarities between initiatives; and to facilitate the identification and assessment of gaps in coverage in the ICT SCRM community.
Security and Privacy: cyber supply chain risk management
Laws and Regulations: Comprehensive National Cybersecurity Initiative