Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

❮   Back to News

April 26, 2021

April is Supply Chain Awareness Month

By Christopher DeRusha, Federal Chief Information Security Office

Tags:

This month marks the four-year anniversary of National Supply Chain Integrity Month—an initiative established by Federal agencies to raise awareness of pervasive threats to U.S. supply chains. Most recently, the SolarWinds incident has brought increased public attention to software supply chain hacks and further illustrates the need for greater awareness.

As the Federal Chief Information Security Officer, supply chain security is one of my top priorities. In partnership with the Office of the Director of National Intelligence National Counterintelligence and Security Center (NCSC), Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA), Department of Defense and other Government and industry partners, we are promoting a “call to action” for organizations across the country to work together to strengthen global supply chains.

To promote increased awareness during the month of April, CISA outlined a weekly themed approach. As we kick-off week four, “Knowing the Essentials”, organizations should ensure they are following key principles recommended by CISA to enhance supply chain resiliency, which include:

  • Diversify Suppliers: A single source of goods or services is a single point of failure.
  • Mitigate Third-Party Risks: Conduct robust due diligence on suppliers, understand their security practices and set minimum standards for them. Incorporate security requirements into third-party contracts and monitor compliance throughout the lifecycle of a product or service.
  • Identify and Protect Crown Jewels: Map the location and status of essential assets and prioritize their protection. Monitor systems and network performance to minimize impact of disruptions.
  • Ensure Executive-Level Commitment: Name a senior executive as owner of supply chain risk and include stakeholders across the enterprise in the risk mitigation program. Communicate across the organization to ensure buy-in and establish training and awareness programs.
  • Strengthen Partnerships: Information exchange between government and industry on current threat information and security best practices is paramount.

You can learn more about CISA’s efforts by visiting their National Supply Chain Integrity Month website and by visiting the NCSC’s Awareness website.

❮   Back to News