Advanced cyber threats can compromise your network well before you use any IT product by targeting hardware and software supply chain dependencies. The Information and Communications Technology (ICT) Supply Chain Risk Management course is an immersive and multi-disciplinary cyber security course designed to assist organizations with implementing NIST SP 800-161, Rev. 1 and NIST SP 800-53, Rev. 5 (SR Controls) best practices. The course focuses on instruction and exercises designed to identify, assess, and mitigate software and hardware supply chain risks associated with the global and distributed nature of ICT product and service supply chains.
Learning Objectives
To provide hands-on immersion training and best practice guidance for how to set up and manage a Cyber SCRM program that aligns with EO 14028 requirements and NIST best practices, conduct an IT supply chain risk assessment, evaluate hardware and software provenance, evaluate a software bill of materials (SBOM), prevent and detect tampered and counterfeit IT products, and continuously monitor open-source intelligence to identify cyber supply chain risk exposures to third-party suppliers and vendors.
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Specialty Areas
- Risk Management
- Network Services
- Systems Administration
- Systems Analysis
- Cyber Defense Analysis
Feedback
If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.