Cybersecurity attacks disrupt, destroy, and compromise components across manufacturing supply chains and create risks that transcend agencies, departments, and organizations. Cyber risk is especially acute in critical infrastructure, due to increasing reliance on information communication technology (ICT) components and systems. Historically, supply chain risk management (SCRM) efforts focused on security, resiliency, and logistics; however, the emergence of cybersecurity risk within the Nation’s supply chain requires an augmented SCRM approach that focuses on product integrity. 

The Enterprise Supply Chain Risk Management (eSCRM) Program provides the Department with a robust toolset of defense-in-breadth and defense-in-depth enterprise capabilities. The Program includes Agency-specific SCRM policies and procedures delivered through a Supply Chain Risk Management-Resource Center (SCRM-RC), which institutionalizes SCRM practices, reduces costs, builds trust into systems, and provides essential services. The SCRM-RC is a centralized focal point that directly supports supply chain risk-based decisions executed by undersecretarial organizations and PMs. Specifically, the SCRM-RC is a prevention, detection, and reporting mechanism that promotes product integrity through:

  • Training, Outreach, and Awareness
  • Supply Chain Risk Modeling
  • Incident Management Support
  • Program Administration
  • Metrics and Key Performance Indicators

SCRM-RC outputs are unique to each capability offering and include high-level SCRM advice, detailed supply chain risk assessments, and subject matter expertise, in support of criticality and prioritization analysis. The eSCRM Program services are accessible via the Enterprise SCRM mailbox at: