Chain Guard

U.S. Government Supply Chain Risk Management Documentation

 

1. Department of Defense – Office of the Under Secretary of Defense for Acquisition & Sustainment (OUSD(A&S))

  • Focus: DoD-wide supply chain risk policies, Trusted Capital, CMMC, SCRM policy oversight.
     
  • Sub-offices: Industrial Base Policy, Defense Production Act Office, Defense Contract Management Agency (DCMA).
     

2. Department of Homeland Security – Cybersecurity and Infrastructure Security Agency (CISA)

  • Focus: National critical infrastructure protection and IT/OT supply chain threat awareness.
     
  • Programs: ICT SCRM Task Force, National Risk Management Center (NRMC).
     

3. Office of the Director of National Intelligence (ODNI) – National Counterintelligence and Security Center (NCSC)

  • Focus: Insider threat, foreign influence, and counterintelligence threats in federal supply chains.
     
  • Program: Supply Chain and Cyber Directorate.
     

4. National Security Agency (NSA) – Cybersecurity Directorate

  • Focus: Defense Industrial Base (DIB) threat intel sharing, SCRM advisory on secure technologies.
     
  • Engagements: Enduring Security Framework (ESF) and partnerships with industry.
     

5. Department of Energy (DOE) – Office of Cybersecurity, Energy Security, and Emergency Response (CESER)

  • Focus: Securing the energy sector supply chain from cyber and physical threats.
     
  • Initiatives: Energy Sector SCRM Framework, coordination with FERC/NERC.
     

6. Defense Counterintelligence and Security Agency (DCSA)

  • Focus: Vetting and oversight of cleared contractors, foreign ownership control/influence (FOCI), and facility clearance SCRM.
     
  • Role: Central to safeguarding DoD-cleared contractor supply chains.
     

7. National Institute of Standards and Technology (NIST)

  • Focus: SCRM standards development and federal guidance.
     
  • Publications: SP 800-161 Rev. 1 (Supply Chain Risk Management Practices for Federal Systems and Organizations), NIST Cybersecurity Framework updates.
     

8. Federal Acquisition Security Council (FASC)

  • Focus: Government-wide coordination to exclude or remove risky IT/communication technologies from federal use.
     
  • Authority: Can issue exclusion orders across executive agencies.
     

9. Department of Commerce – Bureau of Industry and Security (BIS)

  • Focus: Technology transfer, export controls, and entity listings impacting supply chain sourcing.
     
  • Influence: Critical in identifying and restricting foreign vendors and suppliers.
     

10. U.S. Cyber Command / Joint Force Headquarters–DODIN

  • Focus: Active defense of DoD networks and infrastructure, including monitoring SCRM-related cyber risks to the Defense Industrial Base.

Files coming soon.

Copyright © 2025 Chainguard - All Rights Reserved.
