Cyberattacks increased in complexity, severity and frequency in 2021 and 2022, as predicted by several Government Accountability Office, Federal Information Security Management Act (FISMA) and Inspector General reports. These attacks have raised Cyber-Supply Chain Risk Management (C-SCRM) concerns across the U.S. Federal Government. They have also helped prioritize C-SCRM and cybersecurity risk management, and have focused Federal Agencies on identifying and mitigating the risks that cyber threats pose and on mitigating the impact to their systems and their supply chains.
The Federal Government has been working to resolve cybersecurity since Congress passed FISMA in 2002, which was modified in 2014 and 2022. FISMA requires Federal Agencies and their contractors to adopt the Risk Management Framework (RMF) and NIST SP 800-37. The RMF requires organizations to develop a C-SCRM policy and address C-SCRM goals and objectives in their strategic plans, missions, business functions, and organizational roles and responsibilities. This involves developing C-SCRM policies and applying risk management practices that align with both FISMA and Office of Management and Budget (OMB) A-130.