Communications Supply Chain Risk Information Partnership (C-SCRIP)
C-SCRIP is a program designed to share supply chain security risk information with trusted communications providers and suppliers. Our goal is to improve small and rural communications providers’ and equipment suppliers’ access to information about risks to key elements in their supply chain. NTIA will tailor this risk information to be relevant and accessible to the C-SCRIP community. Additionally, C-SCRIP will share public security alerts, relevant training events, and grant funding opportunities from government partners with this community.
Please sign up here to join our mailing list.
The C-SCRIP program was called for in the Secure and Trusted Communications Networks Act of 2019. The Act established a Federal Communications Commission program to reimburse smaller providers for removing and replacing equipment and services that threaten national security. This information sharing program, mandated by Section 8 of the Act, was intended to ensure that small, rural providers have access to the supply chain risk information they need before they make an investment, which should mitigate further “rip and replace” programs in the future.
Notice of Establishment of the Communications Supply Chain Risk Information Partnership
NTIA announces the establishment of the Communications Supply Chain Risk Information Partnership (C-SCRIP) in support of the requirements of Section 8 of the Secure and Trusted Communications Network Act of 2019 (Act).
NTIA requested comment on ways to facilitate the sharing of security risk information with trusted providers of advanced communications service and suppliers of communications equipment or services.
Supply Chain
A robust supply chain risk management program illuminates potential security risks and provides countermeasures to fortify your organization's supply chain. Successful programs need enterprisewide commitment involving multiple disciplines, comprehensive information sharing, and adherence to best practices.
Cyber Risk Management
Cyber Supply Chain Risk Management involves identifying, assessing, and mitigating the risks associated with the distributed and interconnected nature of ICT/OT product and service supply chains. It covers the entire lifecycle of a system (including design, development, distribution, deployment, acquisition, maintenance, and destruction).
Cybersecurity
To protect your network, your customers, and your data, your organization needs cybersecurity guidance, solutions, and training that are practical, actionable, and enables you to cost-effectively address and manage your cybersecurity risks.
Ransomware
Ransomware is a form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption.
Border Gateway Protocol
The Internet is a network of networks. In order for your network to connect to the C-SCRIP website, it must exchange data with adjoining networks in order to determine the best route. The Border Gateway Protocol (BGP) is the way in which networks announce that they are a destination or that they are a route to a destination on the Internet. Neither the destination nor the route is authenticated. Both can be false, and a network sending traffic has no basis for knowing from BGP announcements if they are valid. False announcements (a.k.a. hijacks) can cause significant harms including loss of service and espionage.
Cloud Services
The cloud delivers computing resources over the Internet, such as storage, software, and services, creating a complex supply chain requiring extensive security protocols. Before deciding whether your business should migrate to the cloud, you should understand cloud computing’s capabilities and security risks.
5G and Beyond
Fifth generation wireless technologies (5G) provide the backbone for the critical connections necessary for prosperity and security in the United States. NTIA leads, coordinates, and engages in efforts to help ensure that 5G networks and the broader telecommunications supply chain are robust, reliable, and secure.
Climate Risks
While not a traditional component of supply chain risk management, climate risk to critical infrastructure is a growing concern across the United States.
Grant Information
NTIA manages and administers grant programs on behalf of the Federal government. Those grants are for programs and activities that promote the deployment of infrastructure for high-speed internet, manufacturing of critical components and technologies, and digital inclusion through access to skills development resources.
FCC Secure and Trusted Communications Networks Reimbursement Program
The Supply Chain Reimbursement Program is an initiative established by the FCC, as directed by Congress, to reimburse eligible providers of advanced communications services. This applies to providers with 10 million or fewer customers, covering reasonable costs associated with removing, replacing, and disposing of network equipment and services sourced from Huawei Technologies Company (Huawei) or ZTE Corporation (ZTE). The reimbursement is limited to equipment and services acquired on or before June 30, 2020.