Note: This page is part of the archive.

This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact if you have any questions about the US-CERT website archive.

Building a Body of Knowledge for ICT Supply Chain Risk Management

Author(s): Dan Shoemaker Nancy Mead Maturity Levels and Audience Indicators: / E  SDLC Life Cycles: Management  Copyright: Copyright © Carnegie Mellon University and CrossTalk: The Journal of Defense Software Engineering


By Dan Shoemaker, Ph.D. and Nancy R. Mead, Ph.D.

This paper proposes a set of Supply Chain Risk Management (SCRM) activities and practices for Information and Communication Technologies (ICT). This set can be used as a starting point to create a body of knowledge in SCRM to ensure the integrity of ICT products.