To affect processes and outcomes, the ICT team works across the board to enhance DoD policies to address new threats to the ICT supply chain environment by engaging in:
- Efforts to develop an integrated C-SCRM policy framework (e.g., illumination, evaluation criteria, information sharing, and resilience)
- The development and sharing of metrics to measure supply chain risks and mandate annual reporting of risks
- Streamlining the 3252 and Scoping and Mitigations Roles/Responsibilities
ICT-SCRM Risk Mitigation Policies
NIST SP 800-53, Rev. 5, Security and Privacy Controls for Information Systems and Organizations
NIST SP 800-161, Supply Chain Risk Management Practices for Federal Information Systems and Organizations
NIST SP 800-218, Secure Software Development Framework v.1.1, Recommendations for Mitigating the Risk of Software Vulnerabilities
CNSSI 1253, Security Categorization and Control Selection for NSS
DoDI 5200.44, Trusted Systems and Networks
DoDI 5000.90, Cybersecurity for Acquisition Decision Authorities and Program Managers