You are here

NTIA's Communications Supply Chain Risk Information Partnership (C-SCRIP)

C-SCRIP program

Welcome to the Communications Supply Chain Risk Information Partnership (C-SCRIP). C-SCRIP is a program designed to share supply chain security risk information with trusted communications providers and suppliers. Our goal is to improve small and rural communications providers’ and equipment suppliers’ access to information about risks to key elements in their supply chain. NTIA will tailor this risk information to be relevant and accessible to the C-SCRIP community. Additionally, C-SCRIP will share public security alerts, relevant training events, and grant funding opportunities from government partners with this community.

Please sign up here to join our mailing list.


Background Information

Notice of Establishment of the Communications Supply Chain Risk Information Partnership (July 8, 2020)

Comments on Promoting the Sharing of Supply Chain Security Risk Information (July 29, 2020)



Alert (AA21-321A): Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities

Alert (AA21-291A): BlackMatter Ransomware

Alert (AA21-265A): Conti Ransomware

Alert (AA21-131A): DarkSide Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks

Alert (AA21-110A): Exploitation of Pulse Connect Secure Vulnerabilities


NTIA News and Resources

NTIA Releases Analysis of Responses to 5G Challenge NOI (October 22, 2021)

NTIA Launches C-SCRIP Information-Sharing Program (October 12, 2021)

NTIA Releases Minimum Elements for a Software Bill of Materials (July 12, 2021)

NTIA Releases Final Rule for $268 Million Connecting Minority Communities Pilot Program (June 15, 2021)

Software Bill of Materials Resources


FCC Resources

FCC Releases List of Equipment & Services That Pose Security Threat (March 12, 2021)

FCC Supply Chain Resources 


NIST Resources

NIST Cyber Supply Chain Risk Management Publications

NIST Cybersecurity Framework

Ransomware Resources


CISA Resources

Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force Resources

Operationalizing the Vendor SCRM Template for Small and Medium-Sized Businesses (September 2021)

ICT SCRM Task Force -- Vendor Supply Chain Risk Management (SCRM) Template (April 2021)

Potential Threat Vectors to 5G Infrastructure – CISA, NSA, ODNI Report (May 2021)

Security Guidance for 5G Cloud Infrastructures: Prevent and Detect Lateral Movement (October 2021)

Ransomware Readiness Assessment

Rising Ransomware Threat to Operational Technology Assets

Cyber Hygiene Services (including free weekly vulnerability scans)

Cyber Essentials

Bad Practices


ODNI Resources

Supply Chain Risk Management: Reducing Threats to Key U.S. Supply Chains

Outsourcing Network Services Assessment Tool (ONSAT) User Manual

Framework for Assessing Risks

Supply Chain Best Practices



Cyber Supply Chain Risk Management for the Public (Free course provided through the Federal Virtual Training Environment, with no log-in requirements.)


Upcoming Events (please note that some of these events require advance registration)

December 1: NIST Workshop on Revision 1 of Public Draft Special Publication 800 – 161, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations

December 2: Understanding Cybersecurity for Small Business

December 9: NIST Workshop on Cybersecurity Labeling for Consumer IoT and Software: Executive Order Update and Discussion


Grant Information

BroadbandUSA Federal Funding Guide

FCC Emergency Connectivity Fund Resources

NTIA Accepting Applications for $268 Million Connecting Minority Communities Pilot Program (December 1)

USDA Rural Development Broadband ReConnect Program (Application window opens November 24)



The C-SCRIP program was called for in the Secure and Trusted Communications Networks Act of 2019. The Act established a Federal Communications Commission program to reimburse smaller providers for removing and replacing equipment and services that threaten national security. This information sharing program, mandated by Section 8 of the Act, was intended to ensure that small, rural providers have access to the supply chain risk information they need before they make an investment, which should mitigate further “rip and replace” programs in the future.