Welcome to the Communications Supply Chain Risk Information Partnership (C-SCRIP). C-SCRIP is a program designed to share supply chain security risk information with trusted communications providers and suppliers. Our goal is to improve small and rural communications providers’ and equipment suppliers’ access to information about risks to key elements in their supply chain. NTIA will tailor this risk information to be relevant and accessible to the C-SCRIP community. Additionally, C-SCRIP will share public security alerts, relevant training events, and grant funding opportunities from government partners with this community.
Please sign up here to join our mailing list.
Background Information
Notice of Establishment of the Communications Supply Chain Risk Information Partnership
Comments on Promoting the Sharing of Supply Chain Security Risk Information
***VMWare Advisory***
CISA has published a cybersecurity advisory, Threat Actors Chaining VMware Vulnerabilities for Full System Control, in response to observed or expected active exploitation of a series of vulnerabilities (CVE 2022-22954, CVE 2022-22960, CVE-2022-22972, CVE-2022-22973) in several VMware products. Please see the advisory for more information and for steps to mitigate the vulnerabilities.
FCC Secure and Trusted Communications Networks Reimbursement Program
FCC Expands List of Equipment and Services That Pose Security Threat (updated March 25, 2022)
5G Resources and Guidance
NIST has published portions of a preliminary draft practice guide, Special Publication (SP) 1800-33 Volume B, 5G Cybersecurity: Approach, Architecture, and Security Characteristics, and is seeking the public's comments on the contents. This NIST Cybersecurity Practice Guide explains how a combination of 5G security features and third-party security controls can be used to implement the security capabilities organizations need to safeguard their 5G network usage. Commercial mobile network operators, potential private 5G network operators, and organizations using and managing 5G-enabled technology will find SP 1800-33 Volume B of particular interest. Written comments in response to this preliminary draft must be submitted to NIST by June 27, 2022 at 5g-security@nist.gov..
Framework to Conduct 5G Testing
Potential Threat Vectors to 5G Infrastructure – CISA, NSA, ODNI Report
Security Guidance for 5G Cloud Infrastructures: Prevent and Detect Lateral Movement
Security Guidance for 5G Cloud Infrastructures: Securely Isolate Network Resources
Security Guidance for 5G Cloud Infrastructures: Data Protection
Security Guidance for 5G Cloud Infrastructures: Ensure Integrity of Cloud Infrastructure
Cybersecurity Services and Practices
NIST Cybersecurity Framework and Quick Start Guide
Sharing Cyber Event Information with CISA Fact Sheet
CISA Free Cybersecurity Services and Tools (including free weekly vulnerability scans available as part of the Cyber Hygiene Services)
Small Business Cybersecurity Corner
Cyber Resilience Review Assessment
Ransomware Readiness Assessment
Supply Chain Risk Management and Analysis
Risk Management Framework for Systems and Organizations Introductory Course
Know the Risk - Raise Your Shield: Supply Chain Risk Management
Supply Chain Risk Management Essentials
Supply Chain Risk Management: Reducing Threats to Key U.S. Supply Chains
Outsourcing Network Services Assessment Tool (ONSAT) and User Manual
Vendor Supply Chain Risk Management (SCRM) Template and Operationalizing the Vendor SCRM Template for Small and Medium-Sized Businesses
Cybersecurity Risk Management
Cyber Supply Chain Risk Management for the Public (Free course provided through the Federal Virtual Training Environment, with no log-in requirements.)
Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations
NTIA Releases Minimum Elements for a Software Bill of Materials
Software Bill of Materials Resources
NIST Cyber Supply Chain Risk Management Publications
Cybersecurity & Supply Chain Risk Management Acquisition Guidance
Internet of Things (IoT) Acquisition Guidance
Broadband Initiatives
Broadband Resources for State and Local Governments
Introducing the Tribal Broadband Planning Toolkit
National Broadband Availability Map
NTIA's BroadbandUSA Publications
NTIA ACCESS BROADBAND 2021 Report
Cyber Alerts
National Cyber Awareness System (NCAS) Sign-Up
Alert (AA22-138A): Threat Actors Exploiting F5 BIG-IP CVE-2022-1388
Alert (AA22-117A): 2021 Top Routinely Exploited Vulnerabilities
Alert (AA22-110A): Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure
Alert (AA22-103A): APT Cyber Tools Targeting ICS/SCADA Devices
Upcoming Events (please note that some of these events require advance registration)
May 23: Internet for All Webinar Series: Bipartisan Infrastructure Law Overview
June 1: INCONTROLLER: Analysis and Implications of The New State-Sponsored Threat to ICS
June 16: Cybersecurity Basics for Remote Work
June 21: What the Hack?: Cyber Threats and Your Business
June 29: Marie Kondo Methods to Cyber-Proof Your Business
June 29: How is 5G Impacting Emergency Communications
Grant Information
BroadbandUSA Federal Funding Guide
FCC Emergency Connectivity Fund Resources
About C-SCRIP
The C-SCRIP program was called for in the Secure and Trusted Communications Networks Act of 2019. The Act established a Federal Communications Commission program to reimburse smaller providers for removing and replacing equipment and services that threaten national security. This information sharing program, mandated by Section 8 of the Act, was intended to ensure that small, rural providers have access to the supply chain risk information they need before they make an investment, which should mitigate further “rip and replace” programs in the future.
Contact: cscrip@ntia.gov