The Cybersecurity and Infrastructure Security Agency’s new Cyber Supply Chain Risk Management Office is developing training and maturity models for federal agencies, while also considering the role of supply chain illumination tools and other supplier evaluation techniques.
The C-SCRM Office is a little over a year old. Shon Lyublanovits, program lead for cyber supply chain risk management at CISA, said her team is still growing as it develops a strategic plan for spreading supply chain best practices across government.
“How do we strategically put that message out? What are some of the things that we must do internally that would best position us to help other agencies?” Lyublanovits said during Federal News Network’s Cyber Leaders Exchange 2023.
She said CISA is considering how the supply chain office intersects with the work being done at the agency’s National Risk Management Center (NRMC), which does critical infrastructure risk analysis, and its Vulnerability Management (VM) division, which works to reduce the risks of software exploits.
“We’re having a lot…
