Duration:
1 Day
Audience:
Employees of federal, state, and local governments, and businesses working with the government.
Course Prerequisite:
A foundational understanding of the Risk Management Framework (RMF) is required. Familiarity with NIST SP 800-53 controls is highly recommended.
Overview:
In the modern threat landscape, your security is only as strong as your weakest vendor. Supply Chain Risk Management (SCRM) is now a critical component of the RMF lifecycle, emphasizing that cyber risks often enter organizations through third-party hardware, software, and services.
This course provides a strategic and practical understanding of how to protect the DoD and Federal Supply Chain. We move beyond basic concepts to discuss the implementation of the new SR (Supply Chain Risk Management) family of controls introduced in NIST SP 800-53 Revision 5.
Course Outline:
- Establish a C-SCRM team and determine roles and responsibilities.
- Establish the basis for determining whether a technology, service, system component, or system is fit for purpose, and tailor the controls accordingly.
- Address requirements for developing trustworthy, secure, privacy-protective, and resilient system components and systems.
- Manage, implement, and monitor C-SCRM controls.
- Determine C-SCRM risk tolerance.
- Identify and assess C-SCRM risks.
- Determine appropriate risk response actions and acceptable C-SCRM risk mitigation strategies or controls.
- Describe and justify the C-SCRM mitigation measures taken.
- Monitor performance against plans.
- Specify documentation protection requirements.
- Provide training, education, and awareness programs for personnel on C-SCRM and the available mitigation strategies.
- Train personnel to detect counterfeit system components.
