Supply Chain

Get Started

A robust supply chain risk management program illuminates potential security risks and provides countermeasures to fortify your organization's supply chain. Successful programs need enterprisewide commitment involving multiple disciplines, comprehensive information sharing, and adherence to best practices.

This course describes at a high level the importance of establishing an organization-wide risk management program, the information security legislation related to organizational risk management, the steps in the Risk Management Framework, and the NIST publications related to each step.

More Supply Chain Risk Security Resources

This resource guides organizations to use all available security disciplines (e.g., acquisition, personnel, logistics, facilities) to enhance their supply chain security and remove opportunities for exploitation.

Maturing your cyber threat hunting capability requires resource planning and a fully integrated supply chain risk management program. This resource provides an overview of the Cyber Threat Hunting Maturity Model (HMM) which helps to identify the level of security controls in an organization.

This guidance outlines significant foreign adversarial supply chain attack methods utilized by the People's Republic of China (PRC) and critical lessons learned, and suggests mitigations that corporate security stakeholders can tailor for their own risk management strategy.

Developed by the ICT Supply Chain Risk Management Task Force, the handbook and this fact sheet provide an overview of the highest supply chain risk categories commonly faced by Small and Medium-sized Businesses (SMB), including cyber risks, and contain several use cases that can assist ICT SMBs in identifying the necessary resources to implement ICT supply chain security practices.

Developed by the ICT Supply Chain Risk Management Task Force, the resource guide provides a valuable starting point for Small and Medium-sized Businesses (SMB) to develop and tailor an ICT SCRM plan that meets the needs of their business. The Task Force SMB Resource Guide is a supportive tool that an organization can leverage to establish an actionable SCRM plan that will support the mitigation of risks and disruptions to their supply chains.

This one-page guide provides nine best practices for organizations to manage their supply chain risk.

This report evaluates the current supply chain conditions facing the Information and Communications Technology industry, identifies key risks that threaten to disrupt those supply chains, and proposes a strategy to mitigate risk and strengthen supply chain resiliency.

This Framework addresses risk topics relevant to the reliance on others who make risk decisions about matters in which they are not the risk owners. The Framework also addresses means to identify and counter supply chain attacks that can exploit products and processes throughout the supply chain lifecycle.

The ONSAT provides any organization a comparative understanding of the supply chain risks associated with outsourcing network services to second- and third-party vendors. Also see: User Manual

This library is a non-exhaustive list of free, voluntary resources and information on supply chain programs, rulemakings, and other activities from across the federal government. The resources provide a better understanding of the wide array of supply chain risk management (SCRM) efforts and activities underway or in place.