U.S Air Force implementation of Cyber-Supply Chain Risk Management (C-SCRM) presented at SupplyChainCybersecuritySummit 2019

by Alyssa Feola,

Summary : This presentation will show how the Air Force is addressing C-SCRM activities as they relate to hardware assurance, software assurance, and trusted systems and networks. Topics include tasks associated with identifying assets in the inventory, getting threat information to the appropriate decision-makers, and having the right governance, risk, and compliance frameworks (such as the Cybersecurity Framework and Risk Management Framework) established and sufficiently mature to carry out the activities necessary. The presentation will cover various methodologies that can be used to conduct vendor and supplier assessments as well as the activities needed to leverage the vulnerability management process. The presentation will also look at some of the lessons learned from out-of-date and abandoned software.