Site Icon


Policy & Governance

In order to affect processes and outcomes, the ICT team works across the board to enhance DoD policies to support new threat to the ICT supply chain environment by engaging in:

  • Efforts to develop integrated C-SCRM policy framework (e.g. illumination, evaluation criteria, information sharing, and resilience)
  • The develop and sharing of metrics to measure supply chain risks & mandate annual reporting of risks
  • Streamline the 3252 and Scoping and Mitigations Roles/Responsibilities

ICT-SCRM Risk Mitigation Policies

NIST SP 800-53,rev 5 Security and Privacy Controls for Information Systems and Organizations

NIST SP 800-161 Supply Chain Risk Management Practices for Federal Information Systems and Organizations

NIST SP 800-218, Secure Software Development Framework v.1.1, Recommendations for Mitigating the Risk of Software Vulnerabilities 

CNSSI 1253, Security Categorization and Control Selection for NSS

DODI 5200.44 Trusted Systems and Networks

DoDI 5000.90  Cybersecurity for Acquisition Decision Authorities and Program Managers