Under Initiative 11 of the President’s CNCI Program, the National Institute of Standards and Technology (NIST) has been tasked with supporting federal policy development in Supply Chain Risk Management (SCRM) for Information Communications Technology (ICT).
To support NIST’s work, the Supply Chain Management Center of the Robert H. Smith School of Business at the University of Maryland College Park was awarded a grant in August, 2011. Our project attempted to inventory the proliferating array of existing industry and public sector initiatives across diverse ICT segments (software, hardware, networks and system integration services).
It also formulated a ICT SCRM community framework capable of embracing the processes and practices defined in these various initiatives within a single risk management architecture. This framework has three tiers: enterprise risk governance, system integration and operations. Within each tier, we defined a core set of attributes or distinct organizational capabilities.
This framework conferred two broad capabilities: defense in breadth and defense in depth and was intended to enable each of the initiatives to better understand its own relative positioning in the ICT SCRM ecosystem; to highlight distinctive capabilities of and complementarities between initiatives; and to facilitate the identification and assessment of gaps in coverage in the ICT SCRM community.
Under Initiative 11 of the President’s CNCI Program, the National Institute of Standards and Technology (NIST) has been tasked with supporting federal policy development in Supply Chain Risk Management (SCRM) for Information Communications Technology (ICT). To support NIST’s work, the Supply Chain...
See full abstract
Under Initiative 11 of the President’s CNCI Program, the National Institute of Standards and Technology (NIST) has been tasked with supporting federal policy development in Supply Chain Risk Management (SCRM) for Information Communications Technology (ICT).
To support NIST’s work, the Supply Chain Management Center of the Robert H. Smith School of Business at the University of Maryland College Park was awarded a grant in August, 2011. Our project attempted to inventory the proliferating array of existing industry and public sector initiatives across diverse ICT segments (software, hardware, networks and system integration services).
It also formulated a ICT SCRM community framework capable of embracing the processes and practices defined in these various initiatives within a single risk management architecture. This framework has three tiers: enterprise risk governance, system integration and operations. Within each tier, we defined a core set of attributes or distinct organizational capabilities.
This framework conferred two broad capabilities: defense in breadth and defense in depth and was intended to enable each of the initiatives to better understand its own relative positioning in the ICT SCRM ecosystem; to highlight distinctive capabilities of and complementarities between initiatives; and to facilitate the identification and assessment of gaps in coverage in the ICT SCRM community.
Hide full abstract