U.S. Flag Official website of the Department of Homeland Security

Note: This page is part of the us-cert.gov archive.This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.


Building a Body of Knowledge for ICT Supply Chain Risk Management

Published: May 16, 2013

Author(s): Dan Shoemaker and Nancy Mead SDLC Life Cycles: Management Copyright: Copyright © Carnegie Mellon University and CrossTalk: The Journal of Defense Software Engineering


By Dan Shoemaker, Ph.D. and Nancy R. Mead, Ph.D.

This paper proposes a set of Supply Chain Risk Management (SCRM) activities and practices for Information and Communication Technologies (ICT). This set can be used as a starting point to create a body of knowledge in SCRM to ensure the integrity of ICT products.

Back to Top