Cyber Security

SCRM Links

The following links are provided as a courtesy. They should not be interpreted as an endorsement of the named organizations' products or services.


Wikipedia: Supply chain risk management
Wikipedia: Supply chain
Wikipedia: Risk management
Wikipedia: Supplier
Wikipedia: Vendor
Wikipedia: Software assurance
Wikipedia: Governance

Defense Department

DoDI 5000.90: Cybersecurity for Acquisition Decision Authorities and Program Managers
DoDI 5200.44: Protection of Mission Critical Functions to Achieve Trusted Systems and Networks (TSN)
DoDI 4140.01: DoD Supply Chain Materiel Management Policy
DoDM 4140.01, Vol 1: DoD Supply Chain Materiel Management Procedures: Operational Requirements
Defense Science Board: Cyber Supply Chain
OSD: Joint Federated Assurance Center
DARPA: Supply Chain Hardware Integrity for Electronics Defense (SHIELD)
DARPA: High-Assurance Cyber Military Systems (HACMS)
DARPA: Cyber Assured Systems Engineering (CASE)
DARPA: System Security Integrated Through Hardware and Firmware (SSITH)
Air Force: Optimizing Acquisition Strategy of Secure and Reliable Electronic Components

Intelligence Community

DNI: Supply Chain Risk Management
CNSS Directive 505: Supply Chain Risk Management
Intelligence Community Directive (ICD) 731 Supply Chain Risk Management
Intelligence Community Standard (ICS) 731-01 Supply Chain Criticality Assessments
Intelligence Community Standard (ICS) 731-02 Supply Chain Threat Assessments
Intelligence Community Standard (ICS) 731-03 Supply Chain Information Sharing

Federal Government

NIST: Revision to Cyber Supply Chain Risk Management Practices for Systems and Organizations (SP 800-161)
NIST: NISTIR 8276 Key Practices in Cyber Supply Chain Risk Management: Observations from Industry
NIST: National Vulnerability Database
NIST: SP 800-70 Rev 4, National Checklist Program for IT Products - Guidelines for Checklist Users and Developers
NIST: SP 800-161, Supply Chain Risk Management Practices for Federal Information Systems and Organizations
NIST: National Vulnerability Database Data Feeds
DHS CISA: Information and Communications Technology Supply Chain Risk Management Task Force Year 2 Report
DHS CISA: Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force
DHS CISA: Supply Chain Risk Management
DHS: National Strategy for Global Supply Chain Security
DHS: Cyber Assessments, Evaluations, and Reviews
ODNI: Supply Chain Risk Management
FCW: Supply chain task force lays groundwork for new restrictions
GovCon: Government Focused on Securing the Cyber Supply Chain


University of Maryland: ICT Supply Chain Risk Management
University of Maryland: CALCE
University of Maryland: CALCE Symposiums
University of Maryland: SCMC
BYU: Organizational commitment and governance for supply chain success
MIT: Emerging Trends in Supply Chain Governance
Morgan State University: CREAM
Stony Brook University: DNA Marking and Authentication
University of Connecticut: CHASE
University of Lehigh: CSCR
University of Southern California: SURE

Internet Resources

7 things you should consider before writing any supply chain policy
Governance, Leadership and Ethics in Supply Chain
Scott Madden: Supply Chain Governance
Deloitte: Supply Chain Risk Management: Taking a C-suite View
3 Key Strategies to Mitigate Modern Supply Chain Risks
5 Critical Supply Risk Mitigation Principles for Your Sourcing Process
10 Tips to Mitigate Supply Chain Risk
Checklist: 4 Steps Covering Risk Mitigation Through the Entire Supplier Lifecycle
Risk Mitigation in the Supply Chain
10 Best Practices for Supply Chain Vendor Management
Supply Chain Management (SCM)

Professional Organizations

Electronics Components Industry Association (ECIA)
Independent Distributors of Electronics Association (IDEA)
International Electronics Manufacturing Initiative (iNEMI)

Research Laboratories

Battelle: Barricade
Draper Labs: Military counterfeit electronics
MITRE: Common Weakness Enumeration (CWE)
MITRE: Structured Cyber Resiliency Analysis Methodology (SCRAM)
MITRE: Cyber Resilience Metrics: Key Observations
MITRE: The Risk Management Framework and Cyber Resiliency


DataDot Technology (DDT): DataDot DNA
Fraunhofer IPM
SILICON CERT Laboratories
SiliconExpert Technologies