Today, the Cybersecurity and Infrastructure Security Agency (CISA) released a guide titled Operationalizing the Vendor SCRM Template for Small and Medium-sized Businesses to help IT and Communications small and medium-sized businesses (SMBs) assess their Information Communication Technology (ICT) supply chain risk posture when procuring new ICT or acquiring new contracts from the perspective of the acquirer, integrator, and supplier.
The guide was the product of several months of effort from a SMB working group created in January by the ICT Supply Chain Risk Management (SCRM) Task Force to identify opportunities to tailor existing Task Force products to make them more accessible, relevant, and usable for SMBs. Ola Sage, CyberRx CEO, served as a co-Chair of the working group.
“I’m delighted that this guide is now available to thousands of IT and Communications SMBs who want better visibility about ICT supply chain risks before they make purchasing decisions,” said Ola Sage. “We have already used the guide at CyberRx to help guide our decision making when engaging third-party vendors. It works.”
The enterprise Vendor SCRM Template, a product of an earlier Task Force working group, served as the foundational document used by the SMB working group to identify use cases commonly encountered by small and medium-sized IT and communications providers. Questions from the Vendor SCRM template most relevant to SMBs were then selected for each use case.
For more information about the ICT SCRM Task Force and available resources, visit www.CISA.gov/supply-chain
CyberRx is a cybersecurity risk and compliance company. Headquartered in Silver Spring, MD, the company conducts assessments for enterprises of all sizes with a focus on organizations in regulated industries and companies who own, operate, or support U.S. critical infrastructure. The company’s software-guided risk and compliance assessment tool helps organizations determine their cybersecurity posture and gives them the guidance to build credible and successful cybersecurity programs. For more information about CyberRx, visit https://cyber-rx.com.