C-SCRM Forum From Policy to Implementation
Cybersecurity Supply Chain Risk Management (C-SCRM) is an integrative discipline combining elements of cybersecurity, supply chain management, acquisition, and enterprise risk management into a powerful concept to exert strategic control over the end-to-end processes of the organization and its extended enterprise partners.
As defined by many organizations and government, C-SCRM is the process of ensuring the integrity of your supply chain’s supporting systems and data. This includes identifying, assessing, and mitigating the risk associated with the interconnected nature of information/operational technology and service supply chains. Since the supply chain can be compromised at any point where technology is leveraged, C-SCRM applies to both hardware and software and covers the entire life cycle of those systems.
The ACT-IAC and GSA Private and Public C-SCRM Working Group has been supporting this government priority to assess and develop Cybersecurity and Acquisition Integrity Best Practices and Lessons learned to minimize supply chain risks across the globe and to strengthen the C-SCRM acquisition process government-wide.
The primary focus of this forum is to provide an update from both government and industry on the activities to date with the working group, status of C-SCRM efforts and collaboration initiatives, and plans for moving forward.
OBJECTIVES:
• Obtain an understanding of the critical importance of C-SCRM for federal networks and infrastructure
• Learn the strengths and capabilities in C-SCRM practices in both government and industry
• Obtain updates on best practices and lessons learned