
Get Started
A robust supply chain risk management program illuminates potential security risks and provides countermeasures to fortify your organization's supply chain. Successful programs need enterprisewide commitment involving multiple disciplines, comprehensive information sharing, and adherence to best practices.
This course describes at a high-level the importance of establishing an organization-wide risk management program, the information security legislation related to organizational risk management, the steps in the Risk Management Framework, and the NIST publications related to each step.

More Supply Chain Risk Management Resources
Developed by the ICT Supply Chain Risk Management Task Force, the handbook and this fact sheet provide an overview of the highest supply chain risk categories commonly faced by Small and Medium-sized Businesses (SMB), including cyber risks, and contains several use cases that can assist ICT SMBs in identifying the necessary resources to implement ICT supply chain security practices.
This one-page guide provides nine best practices for organizations to manage their supply chain risk.
This report evaluates the current supply chain conditions facing the Information and Communications Technology industry, identifies key risks that threaten to disrupt those supply chains, and proposes a strategy to mitigate risk and strengthen supply chain resiliency.
This Framework addresses risk topics relevant to the reliance on others who make risk decisions about matters in which they are not the risk owners. The Framework also addresses means to identify and county supply chain attacks that can exploit products and processes throughout the supply chain lifecycle.
The ONSAT provides any organization a comparative understanding of the supply chain risks associated with outsourcing network services to second and third party vendors. Also see: User Manual
This library is a non-exhaustive list of free, voluntary resources and information on supply chain programs, rulemakings, and other activities from across the federal government. The resources provide a better understanding of the wide array of supply chain risk management (SCRM) efforts and activities underway or in place.