Welcome to the Communications Supply Chain Risk Information Partnership (C-SCRIP). C-SCRIP is a program designed to share supply chain security risk information with trusted communications providers and suppliers. Our goal is to improve small and rural communications providers’ and equipment suppliers’ access to information about risks to key elements in their supply chain. NTIA will tailor this risk information to be relevant and accessible to the C-SCRIP community. Additionally, C-SCRIP will share public security alerts, relevant training events, and grant funding opportunities from government partners with this community.
Please sign up here to join our mailing list.
Background Information
Notice of Establishment of the Communications Supply Chain Risk Information Partnership (July 8, 2020)
Comments on Promoting the Sharing of Supply Chain Security Risk Information (July 29, 2020)
Alerts
Alert (AA21-209A): Top Routinely Exploited Vulnerabilities
Alert (AA21-110A): Exploitation of Pulse Connect Secure Vulnerabilities
Alert (AA21-092A): APT Actors Exploit Vulnerabilities to Gain Initial Access for Future Attacks
Alert (AA21-062A): Mitigate Microsoft Exchange Server Vulnerabilities
NTIA News and Resources
NTIA Releases Minimum Elements for a Software Bill of Materials (July 12, 2021)
NTIA Releases Final Rule for $268 Million Connecting Minority Communities Pilot Program (June 15, 2021)
NTIA Technical Report TR-21-553: In-Situ Captures of AWS-1 LTE for Aeronautical Mobile Telemetry System Evaluation (March 2021)
NTIA Technical Memo TM-21-552: LTE Uplink Aggregate Interference Measurement System (February 2021)
Software Bill of Materials Resources
FCC Resources
FCC Emergency Connectivity Fund Resources
FCC Releases List of Equipment & Services That Pose Security Threat (March 12, 2021)
NIST Resources
NIST Cyber Supply Chain Risk Management Publications
CISA Resources
Operationalizing the Vendor SCRM Template for Small and Medium-Sized Businesses (September 2021)
CISA Analysis: FY2020 Risk and Vulnerability Assessments (July 2021)
Risk to Critical Infrastructure: Telecommunications Central Offices (June 2021)
Potential Threat Vectors to 5G Infrastructure – CISA, NSA, ODNI Report (May 2021)
Securing 5G Infrastructure from Cybersecurity Risks (May 2021)
CISA Supply Chain Risk Management Essentials (April 2021)
Defending Against Software Supply Chain Attacks (April 2021)
ICT SCRM Task Force -- Mitigating ICT Supply Chain Risks with Qualified Bidder and Manufacturer Lists (April 2021)
ICT SCRM Task Force -- Vendor Supply Chain Risk Management (SCRM) Template (April 2021)
ODNI Resources
Supply Chain Risk Management: Reducing Threats to Key U.S. Supply Chains
Training
Cyber Supply Chain Risk Management for the Public (Free course provided through the Federal Virtual Training Environment, with no log-in requirements.)
Upcoming Events (please note that some of these events require advance registration)
September 23: NTIA Grant Program: Connecting Minority Communities Webinar, Session 6b
September 27: FCC Webinar on the Secure and Trusted Communications Networks Reimbursement Program
October 20: NTIA Grant Program: Connecting Minority Communities Webinar, Session 7a
October 21: NTIA Grant Program: Connecting Minority Communities Webinar, Session 7b
Grant Information
Consolidated Appropriations Act Funding
About C-SCRIP
The C-SCRIP program was called for in the Secure and Trusted Communications Networks Act of 2019. The Act established a Federal Communications Commission program to reimburse smaller providers for removing and replacing equipment and services that threaten national security. This information sharing program, mandated by Section 8 of the Act, was intended to ensure that small, rural providers have access to the supply chain risk information they need before they make an investment, which should mitigate further “rip and replace” programs in the future.
Contact: cscrip@ntia.gov
