U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.

Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.

The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

  1. Home
  2. Supply Chain

Supply Chain

Get Started

A robust supply chain risk management program illuminates potential security risks and provides countermeasures to fortify your organization's supply chain. Successful programs need enterprisewide commitment involving multiple disciplines, comprehensive information sharing, and adherence to best practices.

Education icon

Risk Management Framework (RMF) for Systems and Organizations Introductory Course

This course describes at a high-level the importance of establishing an organization-wide risk management program, the information security legislation related to organizational risk management, the steps in the Risk Management Framework, and the NIST publications related to each step.

Chain image background

More Supply Chain Risk Management Resources

Securing Small and Medium-Sized Business (SMB) Supply Chains: A Resource Handbo…

Developed by the ICT Supply Chain Risk Management Task Force, the handbook and this fact sheet provide an overview of the highest supply chain risk categories commonly faced by Small and Medium-sized Businesses (SMB), including cyber risks, and contains several use cases that can assist ICT SMBs in identifying the necessary resources to implement ICT supply chain security practices.

Supply Chain Best Practices

This one-page guide provides nine best practices for organizations to manage their supply chain risk.

Assessment of the Critical Supply Chains Supporting the U.S. Information and Co…

This report evaluates the current supply chain conditions facing the Information and Communications Technology industry, identifies key risks that threaten to disrupt those supply chains, and proposes a strategy to mitigate risk and strengthen supply chain resiliency.

Framework for Assessing Risks

This Framework addresses risk topics relevant to the reliance on others who make risk decisions about matters in which they are not the risk owners. The Framework also addresses means to identify and county supply chain attacks that can exploit products and processes throughout the supply chain lifecycle.

Outsourcing Network Services Assessment Tool (ONSAT)

The ONSAT provides any organization a comparative understanding of the supply chain risks associated with outsourcing network services to second and third party vendors. Also see: User Manual

Supply Chain Risk Management Essentials

This library is a non-exhaustive list of free, voluntary resources and information on supply chain programs, rulemakings, and other activities from across the federal government. The resources provide a better understanding of the wide array of supply chain risk management (SCRM) efforts and activities underway or in place.

NTIA Initiatives