What Is Supply Chain Risk Management (SCRM)?

What supply chain risks exist?

According to the National Institute of Standards and Technology (NIST), examples of supply chain risk include:

• Counterfeits and unauthorized production
• Tampering
• Theft
• Insertion of malicious software and hardware
• Poor manufacturing and development practices

What are some ramifications of attacks on the supply chain?

Supply chain attacks can lead to:

• Data loss
• Financial loss
• Compromise of product integrity or safety
• Brand and reputation damage
• Legal exposure
• Loss of life

What makes SCRM difficult?

Suppliers are outside entities that offer varying levels of transparency into their business policies and practices. Without visibility and industry standards, it's difficult to assess the level of risk that suppliers may introduce into your organization.

What is C-SCRM?

Cyber SCRM (C-SCRM) addresses potential risks to the IT, OT, and communications technologies that are essential to your organization's mission. It even includes cybersecurity vendors and the products, software, and services that defend your organization against cyber attacks.

What SCRM best practices are available?

While there are many sources of best practices, the NIST makes many publications freely available.

What innovative C-SCRM approaches are there?

The U.S. Department of Defense (DoD) relies on hundreds of contractors and research institutions, which could introduce supply chain risk. Of particular concern is the security of sensitive information the department holds. Its new Cybersecurity Maturity Model Certification (CMMC) is an innovative program that aims to ensure its suppliers properly protect DoD data from cyber attacks.