FSSCC-FBIIC Cyber Security Committee
Supply Chain Working Group Toolkit

Supply Chain Working Group Toolkit:

• Internal Software Development
• Services
• COTS Software
• Hardware Testing

The FSSCC-FBIIC Cyber Security Committee has sponsored a working group called the Supply Chain Working Group comprised of leading security and risk management practitioners that have agreed to work together to create a deliverable that will be useful to IT managers and information security officers interested in improving the resiliency of their organization's supply chains.

The Supply Chain Working Group has leveraged resources, practices, information from both the public and private sectors. The intent is to create deliverables that are useful and practical for practitioners that leverage available resources for all industries both private sector and public sector. The members of this working group share a common passion to further the practice and discipline of enterprise wide risk management making it easier of their colleagues to achieve their goals.

The Supply Chain Working Group Toolkit is divided into 4 channels:

1. Internally developed software
2. Software developed by a 3rd-party
3. Software purchased off the shelf
4. Hardware, firmware, appliances

For each channel, the deliverable is divided into 2 sections:

1. A summary of survey results from 4 surveys (1 per channel) of members of FS-ISAC and BITS
2. Identification of leading practices to improve supply chain resilience based on input from recognized subject matter experts including reference information for the growing body of information available on supply chain resilience