A supply chain task force for information and communications technology (ICT) that is overseen by the Department of Homeland Security has approved a new working group that will help the private sector demonstrate that their best practices for risk management are sound.
"Securing global ICT supply chains remain an international business imperative for IT sector companies and customers and is essential to security in the United States and worldwide," John Miller, senior vice president of Policy at the Information Technology Industry Council and co-chair of the ICT Supply Chain Risk Management (SCRM) Task Force, said in a statement on Wednesday. "The new Task Force working group will focus on developing actionable recommendations that will help private sector entities of all sizes demonstrate the effectiveness and accountability of their supply chain security programs and practices."
The new working group will "develop attestation frameworks around various aspects of supply chain risk management best practices," the DHS Cybersecurity and Infrastructure Security Agency (CISA) said following a meeting of the task force to discuss its next phase of work. The task force is in its second year and three of its working groups set up in the first year around information sharing, threat evaluation, and qualified bidder and qualified manufacturer lists will continue CISA said.
This year, the public-private task force approved recommendations from its existing working groups, including calling for a federal acquisition rule to incentivize the purchase of ICT products from original equipment manufacturers and authorized resellers to prevent the purchase of counterfeit items.
CISA said the new working group complements existing supply chain attestation activities elsewhere in the federal government and is part of a larger effort by the task force to address concerns of small and medium-sized businesses.
"The goal is to empower stakeholders across the ICT ecosystem to make risk-informed decisions that increase trust across their supply chains," Bob Kolasky, assistant director for the National Risk Management Center at CISA and co-chair of the task force, said in a statement.