Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.

Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.

The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

NTIA's Communications Supply Chain Risk Information Partnership (C-SCRIP)

Image
C-SCRIP

Welcome to the Communications Supply Chain Risk Information Partnership (C-SCRIP). C-SCRIP is a program designed to share supply chain security risk information with trusted communications providers and suppliers. Our goal is to improve small and rural communications providers’ and equipment suppliers’ access to information about risks to key elements in their supply chain. NTIA will tailor this risk information to be relevant and accessible to the C-SCRIP community. Additionally, C-SCRIP will share public security alerts, relevant training events, and grant funding opportunities from government partners with this community.

Please sign up here to join our mailing list.

 

Background Information

Notice of Establishment of the Communications Supply Chain Risk Information Partnership 

Comments on Promoting the Sharing of Supply Chain Security Risk Information 

 

FCC Secure and Trusted Communications Networks Reimbursement Program 

FCC Expands List of Equipment and Services That Pose Security Threat (updated September 20, 2022)

FCC Announces Supply Chain Reimbursement Program Approved Applications

 

Cybersecurity Services and Practices

CISA is requesting public input on proposed regulations requiring covered entities to report covered cyber incidents and ransomware payments to CISA. For more information, including how to submit input on behalf of your organization, please visit Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) | CISA.

NIST Cybersecurity Framework and Quick Start Guide

Updating the NIST Cybersecurity Framework – Journey To CSF 2.0

CISA Free Cybersecurity Services and Tools (including free weekly vulnerability scans available as part of the Cyber Hygiene Services)

  • CISA recently released RedEye, an interactive open-source analytic tool for use by Red Teams to visualize and report command and control activities. For more information, CISA encourages users to review RedEye on GitHub and watch CISA’s RedEye tool overview video

Small Business Cybersecurity Corner

Cyber Essentials

Bad Practices

Cyber Resilience Review Assessment

Ransomware Readiness Assessment

Ransomware Resources

 

Supply Chain Risk Management and Analysis

Risk Management Framework for Systems and Organizations Introductory Course

Assessment of the Critical Supply Chains Supporting the U.S. Information and Communications Technology Industry

Know the Risk - Raise Your Shield: Supply Chain Risk Management

Framework for Assessing Risks

Supply Chain Best Practices

Supply Chain Risk Management Essentials

Supply Chain Risk Management: Reducing Threats to Key U.S. Supply Chains

Outsourcing Network Services Assessment Tool (ONSAT) and User Manual

Vendor Supply Chain Risk Management (SCRM) Template and Operationalizing the Vendor SCRM Template for Small and Medium-Sized Businesses 

 

Cybersecurity Risk Management

Cyber Supply Chain Risk Management for the Public (Free course provided through the Federal Virtual Training Environment)

Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations

Defending Against Software Supply Chain Attacks

CSRIC Report on Recommended Best Practices to Improve Communications Supply Chain Security (September 2022)

NTIA Releases Minimum Elements for a Software Bill of Materials 

Software Bill of Materials Resources

Securing the Software Supply Chain: Recommended Practice Guide for Developers 

NIST Cyber Supply Chain Risk Management Publications

Internet of Things (IoT) Acquisition Guidance

 

5G Resources and Guidance

Open Radio Access Network Security Considerations 

5G Security Evaluation Process Investigation

Framework to Conduct 5G Testing

Potential Threat Vectors to 5G Infrastructure – CISA, NSA, ODNI Report

Security Guidance for 5G Cloud Infrastructures: Prevent and Detect Lateral Movement 

Security Guidance for 5G Cloud Infrastructures: Securely Isolate Network Resources 

Security Guidance for 5G Cloud Infrastructures: Data Protection 

Security Guidance for 5G Cloud Infrastructures: Ensure Integrity of Cloud Infrastructure

 

Broadband Initiatives

Broadband Resources for State and Local Governments

Introducing the Tribal Broadband Planning Toolkit

National Broadband Availability Map

NTIA's BroadbandUSA Publications

NTIA ACCESS BROADBAND 2021 Report

 

Cyber Alerts

National Cyber Awareness System (NCAS) Sign-Up

Alert (AA22-294A): #StopRansomware: Daixin Team

Alert (AA22-279A): Top CVEs Actively Exploited By People’s Republic of China State-Sponsored Cyber Actors

Alert (AA22-257A): Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations

Alert (AA22-249A): #StopRansomware: Vice Society

Alert (AA22-223A): #StopRansomware: Zeppelin Ransomware

Alert (AA22-187A): North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector

Alert (AA22-181A): #StopRansomware: MedusaLocker

 

 

Upcoming Events (please note that some of these events require advance registration)

November 9: Cybersecurity: Is Your Organization at Risk?

November 15: Securing Small and Medium-Sized Business ICT Supply Chains

November 16: Public-Private Collaboration to Enhance Operational Technology Cyber Defense

November 17: How to Build your Small Business Cyber Risk Program

 

Grant Information

Internet For All Programs

Updated Federal Broadband Funding Guide (Updated September 19, 2022)

State and Local Cybersecurity Grant Program (SLCGP)

FCC Emergency Connectivity Fund Resources

 

About C-SCRIP

The C-SCRIP program was called for in the Secure and Trusted Communications Networks Act of 2019. The Act established a Federal Communications Commission program to reimburse smaller providers for removing and replacing equipment and services that threaten national security. This information sharing program, mandated by Section 8 of the Act, was intended to ensure that small, rural providers have access to the supply chain risk information they need before they make an investment, which should mitigate further “rip and replace” programs in the future.

 

Contactcscrip@ntia.gov