Security Risk Management for the Off-the-Shelf (OTS) Information and Communications Technology (ICT) Supply Chain

This SOAR provides a comprehensive examination of the current state-of-the-art in addressing supply chain risk management (SCRM) as it pertains to ICT. This includes how ICT SCRM emerged as a major concern in DOD, the intelligence community, and civilian government, and describes the numerous threats to the ICT supply chain. This examination covers from the ICT supply chain itself to the hardware and software products within it. It discusses current and emerging safeguards and countermeasures against threats as well as mitigations to supply chain vulnerabilities to those threats. The main focus of the SOAR is its comprehensive survey of government, industry, and academic activities and initiatives (in the U.S. and abroad) that address various aspects of the SCRM challenge, including scientific and technical research to further available techniques and technologies for increasing the robustness and resilience of the supply chain against the security threats that target it.