Welcome to the Communications Supply Chain Risk Information Partnership (C-SCRIP). C-SCRIP is a program designed to share supply chain security risk information with trusted communications providers and suppliers. Our goal is to improve small and rural communications providers’ and equipment suppliers’ access to information about risks to key elements in their supply chain. NTIA will tailor this risk information to be relevant and accessible to the C-SCRIP community. Additionally, C-SCRIP will share public security alerts, relevant training events, and grant funding opportunities from government partners with this community.
Please sign up here to join our mailing list.
Background Information
Notice of Establishment of the Communications Supply Chain Risk Information Partnership
Comments on Promoting the Sharing of Supply Chain Security Risk Information
FCC Secure and Trusted Communications Networks Reimbursement Program
FCC Releases List of Equipment & Services That Pose Security Threat (March 12, 2021)
Reimbursement Program Guidance
Cyber Alerts
National Cyber Awareness System (NCAS) Sign-Up
Alert (AA21-291A): BlackMatter Ransomware
Alert (AA21-265A): Conti Ransomware
Alert (AA21-110A): Exploitation of Pulse Connect Secure Vulnerabilities
NTIA News and Resources
NTIA Releases Analysis of Responses to 5G Challenge NOI
NTIA Releases Minimum Elements for a Software Bill of Materials
Software Bill of Materials Resources
NIST Resources
NIST Cyber Supply Chain Risk Management Publications
CISA Resources
Vendor Supply Chain Risk Management (SCRM) Template
Operationalizing the Vendor SCRM Template for Small and Medium-Sized Businesses
Potential Threat Vectors to 5G Infrastructure – CISA, NSA, ODNI Report
Security Guidance for 5G Cloud Infrastructures: Prevent and Detect Lateral Movement
Security Guidance for 5G Cloud Infrastructures: Securely Isolate Network Resources
Security Guidance for 5G Cloud Infrastructures: Data Protection
Ransomware Readiness Assessment
Rising Ransomware Threat to Operational Technology Assets
Cyber Hygiene Services (including free weekly vulnerability scans)
ODNI Resources
Supply Chain Risk Management: Reducing Threats to Key U.S. Supply Chains
Outsourcing Network Services Assessment Tool (ONSAT) User Manual
Training
Cyber Supply Chain Risk Management for the Public (Free course provided through the Federal Virtual Training Environment, with no log-in requirements.)
Upcoming Events (please note that some of these events require advance registration)
December 6: Small Business Cyber Security Best Practices
December 9: NIST Workshop on Cybersecurity Labeling for Consumer IoT and Software: Executive Order Update and Discussion
January 20: Cybersecurity Basics for Remote Work
Grant Information
BroadbandUSA Federal Funding Guide
FCC Emergency Connectivity Fund Resources
USDA Rural Development Broadband ReConnect Program (Application window opens November 24)
About C-SCRIP
The C-SCRIP program was called for in the Secure and Trusted Communications Networks Act of 2019. The Act established a Federal Communications Commission program to reimburse smaller providers for removing and replacing equipment and services that threaten national security. This information sharing program, mandated by Section 8 of the Act, was intended to ensure that small, rural providers have access to the supply chain risk information they need before they make an investment, which should mitigate further “rip and replace” programs in the future.
Contact: cscrip@ntia.gov
