• Classroom
Course Description

Advanced cyber threats can compromise your network well before you use any IT product by targeting hardware and software supply chain dependencies. The Information and Communications Technology (ICT) Supply Chain Risk Management course is an immersive and multi-disciplinary cyber security course designed to assist organizations with implementing NIST SP 800-161, Rev. 1 and NIST SP 800-53, Rev. 5 (SR Controls) best practices. The course focuses on instruction and exercises designed to identify, assess, and mitigate software and hardware supply chain risks associated with the global and distributed nature of ICT product and service supply chains.

Learning Objectives

To provide hands-on immersion training and best practice guidance for how to set up and manage a Cyber SCRM program that aligns with EO 14028 requirements and NIST best practices, conduct an IT supply chain risk assessment, evaluate hardware and software provenance, evaluate software bills of materials (SBOMs), prevent and detect tampered and counterfeit IT products, and continuously monitor open-source intelligence to identify cyber supply chain risk exposures to third-party suppliers and vendors.

Framework Connections