Cyber-Supply Chain Risk Management (C-SCRM)

GSA to set baseline requirements for cloud providers through Ascend


Requirements will emphasize Cloud Smart objectives and cybersecurity supply chain risk management while providing agencies an open source experience.

Watchdog finds just two DOJ agencies adhering to supply chain risk requirements


The DOJ’s Office of Inspector General carried out an audit of cyber-supply chain risk management compliance across the department.

NIST gives agencies new guidance to prepare for next SolarWinds-like hack


During the 2020 SolarWinds hack, bad actors were able to access thousands of networks inside and outside government.

Agencies underscore software vulnerabilities in supply chain assessments


The pandemic revealed an overreliance on software developers with opaque supply chains and a high risk of "cascading effects" should their products be compromised.

DHS wants to know how cyber-hygiene contract clauses are affecting vendors


A sample of vendors will soon receive a questionnaire from the agency.