In a digital world where almost everything is connected, protecting the supply chain of products becomes even more critical to protecting the security of the data, the networks, and the people using those products. Several high-profile breaches have been linked to supply chain issues, and agencies have received multiple policy directives and guidance as they work to secure their large attack surfaces.

A number of tools are now available to help agencies: NIST has a self-scoring tool in its Cybersecurity Framework (NIST 800-161rev 1), CISA has been developing road maps to help agencies on their journey, and GSA kicked off its Supply Chain Risk Management Community of Practice to share examples of what has been working for agencies.

At this workshop government and industry executives shared examples of what agencies are doing to comply with the new requirements, what has been most effective and what should be addressed first.

Attendees came away from this workshop with a better understanding of:

- How shared services can help address the issues of talent and workforce

- What tools are available to help agencies assess their current risk

- Where information on C-SCRM is being shared

- How the GSA’s Community of Practice can simplify the journey

- What is critical software?

- How to access information that industry is already sharing about materials and components in hardware and software