Accession Number PB2013-101833
Title Notional Supply Chain Risk Management Practices for Federal Information Systems.
Publication Date Oct 2012
Media Count 99p
Personal Author C. Paulsen; J. Boyens; N. Bartol; R. Moorthy; S. A. Shankles
Abstract The information and communications technology (ICT) supply chain is a globally distributed, interconnected set of organizations, people, processes, products, and services. It extends across the full system development life cycle including research and development (R&D), design, development, acquisition of custom or commercial off-the-shelf (COTS) products, delivery, integration, operations, and disposal/retirement. Federal agency information systems are increasingly at risk of both intentional and unintentional supply chain compromise due to the growing sophistication of ICT and the growing speed and scale of a complex, distributed global supply chain. Federal departments and agencies currently have neither a consistent nor comprehensive way of understanding the often opaque processes and practices used to create and deliver the hardware and software products and services that they procure. This lack of understanding, visibility, traceability, and control increases the challenges associated with managing the risk of exploitation through a variety of means including counterfeit materials, malicious software, or untrustworthy products. Overall, it makes it increasingly difficult for federal departments and agencies to understand their exposure and manage the associated supply chain risks. Currently, federal departments and agencies and many private sector integrators and suppliers use varied and nonstandard practices, exacerbating the challenge.
Keywords Information and Communication Technology (ICT)
Information systems
Management practices
Risk management
Supply chain

 
Source Agency National Institute of Standards and Technology
NTIS Subject Category 70B - Management Practice
88B - Information Systems
Corporate Author National Inst. of Standards and Technology (ITL), Gaithersburg, MD. Computer Security Div.
Document Type Technical report
Title Note N/A
NTIS Issue Number 1303
Contract Number N/A
