
NTIA's Communications Supply Chain Risk Information Partnership (C-SCRIP)

C-SCRIP program

Welcome to the Communications Supply Chain Risk Information Partnership (C-SCRIP). C-SCRIP is a program designed to share supply chain security risk information with trusted communications providers and suppliers. Our goal is to improve small and rural communications providers’ and equipment suppliers’ access to information about risks to key elements in their supply chain. NTIA will tailor this risk information to be relevant and accessible to the C-SCRIP community. Additionally, C-SCRIP will share public security alerts, relevant training events, and grant funding opportunities from government partners with this community.

Please sign up here to join our mailing list.


**Alert: Immediate Actions to Protect Against Log4j Exploitation**

Log4j is very broadly used in a variety of consumer and enterprise services, websites, and applications—as well as in operational technology products—to log security and performance information. An unauthenticated remote actor could exploit this vulnerability to take control of an affected system. In order for these vulnerabilities to be remediated in products and services that use affected versions of Log4j, the maintainers of those products and services must implement these security updates.


Background Information

Notice of Establishment of the Communications Supply Chain Risk Information Partnership 

Comments on Promoting the Sharing of Supply Chain Security Risk Information 


FCC Secure and Trusted Communications Networks Reimbursement Program 

**Deadline extended to January 28, 2022**

FCC Releases List of Equipment & Services That Pose Security Threat 

Reimbursement Program Guidance  


5G Resources and Guidance

NTIA Releases Analysis of Responses to 5G Challenge NOI 

Framework to Conduct 5G Testing

Potential Threat Vectors to 5G Infrastructure – CISA, NSA, ODNI Report

Security Guidance for 5G Cloud Infrastructures: Prevent and Detect Lateral Movement 

Security Guidance for 5G Cloud Infrastructures: Securely Isolate Network Resources 

Security Guidance for 5G Cloud Infrastructures: Data Protection 

Security Guidance for 5G Cloud Infrastructures: Ensure Integrity of Cloud Infrastructure


Cybersecurity Services and Practices

NIST Cybersecurity Framework and Quick Start Guide

CISA Services Catalog (including free weekly vulnerability scans available as part of the Cyber Hygiene Services)

Small Business Cybersecurity Corner

Cyber Essentials

Bad Practices

Cyber Resilience Review Assessment

Ransomware Readiness Assessment

Ransomware Resources


Supply Chain Risk Management and Analysis

Know the Risk - Raise Your Shield: Supply Chain Risk Management

Framework for Assessing Risks

Supply Chain Best Practices

Supply Chain Risk Management Essentials

Supply Chain Risk Management: Reducing Threats to Key U.S. Supply Chains

Outsourcing Network Services Assessment Tool (ONSAT) and User Manual

Vendor Supply Chain Risk Management (SCRM) Template and Operationalizing the Vendor SCRM Template for Small and Medium-Sized Businesses 


Cybersecurity Risk Management

Cyber Supply Chain Risk Management for the Public (Free course provided through the Federal Virtual Training Environment, with no log-in requirements.)

NTIA Releases Minimum Elements for a Software Bill of Materials 

Software Bill of Materials Resources

NIST Cyber Supply Chain Risk Management Publications

Cybersecurity & Supply Chain Risk Management Acquisition Guidance

Internet of Things (IoT) Acquisition Guidance


Broadband Initiatives

Request for Comment on Broadband Programs in Bipartisan Infrastructure Law (closes February 4, 2022)

National Broadband Availability Map

NTIA's BroadbandUSA Publications



Cyber Alerts

National Cyber Awareness System (NCAS) Sign-Up

Alert (AA22-011A): Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure

Alert (AA21-291A): BlackMatter Ransomware

Alert (AA21-265A): Conti Ransomware

Alert (AA21-131A): DarkSide Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks

Alert (AA21-110A): Exploitation of Pulse Connect Secure Vulnerabilities


Upcoming Events (please note that some of these events require advance registration)

January 26: Infrastructure Investment and Jobs Act Broadband Programs: Public Virtual Listening Session #3

January 26: Anatomy of a Murder: How Hackers are Killing Small Businesses

January 27: Cybersecurity Risk Management: Quantifying and Buying Down Cybersecurity Risk

February 1: Website Planning Series: Let’s Secure Your Website

February 8-10: ReConnect Program Application Workshop

February 9: Infrastructure Investment and Jobs Act Broadband Programs Public Virtual Listening Session #4

February 16: Internet of Things Embedded Security Guidance

February 23: Infrastructure Investment and Jobs Act Broadband Programs: Public Virtual Listening Session #5


Grant Information

BroadbandUSA Federal Funding Guide

FCC Emergency Connectivity Fund Resources

USDA Rural Development Broadband ReConnect Program (Application window opens November 24)



The C-SCRIP program was called for in the Secure and Trusted Communications Networks Act of 2019. The Act established a Federal Communications Commission program to reimburse smaller providers for removing and replacing equipment and services that threaten national security. This information sharing program, mandated by Section 8 of the Act, was intended to ensure that small, rural providers have access to the supply chain risk information they need before they make an investment, which should reduce the need for further “rip and replace” programs.