The Communications Supply Chain Risk Information Partnership (C-SCRIP) held its first webinar for stakeholders on Monday, August 8. This program featured discussions on:
- NTIA’s Internet for All high-speed Internet grant programs, presented by Andy Berke, NTIA Special Representative for Broadband, and;
- NIST’s Cybersecurity Framework and Cybersecurity Supply Chain Risk Management Program, presented by Cherilyn Pascoe, NIST Senior Technology Policy Advisor, and Angela Smith, NIST Cybersecurity Supply Chain Risk Management Program Technical Lead.
Through the Infrastructure Investment and Jobs Act, NTIA is responsible for distributing $48 billion to help close the digital divide and ensure that all Americans have access to reliable, affordable high-speed Internet service. Berke explained the programs and suggested that interested attendees sign up for upcoming virtual Internet for All Office Hours. He recommended that they work closely with state broadband offices to stay in the loop on the high-speed Internet grant programs.
To be considered for these funds, applicants must attest that they have both a cybersecurity risk management plan and a supply chain risk management (SCRM) plan. The cybersecurity plan must reflect the latest version of the NIST Framework for Improving Critical Infrastructure Cybersecurity (currently Version 1.1) as well as the standards and control set forth in Executive Order 14208 and specify the security and privacy controls being implemented. The supply chain risk management plan must be based upon the key practices discussed in the NISTIR 8276, Key Practices in Cyber Supply Chain Risk Management Observations from Industry and related SCRM guidance from NIST, including NIST 800-161, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations.
Pascoe explained the NIST Cybersecurity Framework, which is voluntary guidance, based on existing standards, guidelines, and practices for organizations to better manage and reduce cybersecurity risk. In addition to helping organizations manage and reduce risks, it was designed to foster risk and cybersecurity management communications amongst internal and external organizational stakeholders. Pascoe encouraged attendees to participate in NIST’s ongoing work to update the Cybersecurity Framework. For more information on the NIST Cybersecurity Framework, Pascoe pointed attendees to the Quick Start Guide.
Check back regularly for more events on C-SCRIP’s website: CSCRIP.NTIA.GOV, where you can also sign up for the mailing list. If you have any suggestions for future webinar topics, please send those ideas to C-SCRIP at cscrip@ntia.gov.