Welcome to the Communications Supply Chain Risk Information Partnership (C-SCRIP). C-SCRIP is a program designed to share supply chain security risk information with trusted communications providers and suppliers. Our goal is to improve small and rural communications providers’ and equipment suppliers’ access to information about risks to key elements in their supply chain. NTIA will tailor this risk information to be relevant and accessible to the C-SCRIP community. Additionally, C-SCRIP will share public security alerts, relevant training events, and grant funding opportunities from government partners with this community.
NTIA News and Resources
NTIA Launches C-SCRIP Information-Sharing Program (October 12, 2021)
NTIA Releases Minimum Elements for a Software Bill of Materials (July 12, 2021)
FCC Releases List of Equipment & Services That Pose Security Threat (March 12, 2021)
Cyber Hygiene Services (including free weekly vulnerability scans)
Cyber Supply Chain Risk Management for the Public (Free course provided through the Federal Virtual Training Environment, with no log-in requirements.)
Upcoming Events (please note that some of these events require advance registration)
October 18-21: Department of Energy 5G Supply Chain Workshop
The C-SCRIP program was called for in the Secure and Trusted Communications Networks Act of 2019. The Act established a Federal Communications Commission program to reimburse smaller providers for removing and replacing equipment and services that threaten national security. This information sharing program, mandated by Section 8 of the Act, was intended to ensure that small, rural providers have access to the supply chain risk information they need before they make an investment, which should mitigate further “rip and replace” programs in the future.