In September 2017, this (legacy) site will be replaced with the new site you can see at At that time, links to this legacy site will be automatically redirected to apporpriate links on the new site.

View the beta site
NIST Logo and ITL Banner Link to the NIST Homepage Link to the ITL Homepage Link to the NIST Homepage

Software and Supply Chain Assurance (SSCA) Forum and Working Groups

Cyber risk has become a topic of core strategic concern for business and government leaders worldwide and is an essential component of an enterprise risk management strategy. The Software and Supply Chain Assurance (SSCA) Forum and Working Groups provide a venue for government, industry, and academic participants from around the world to share their knowledge and expertise regarding software and supply chain risks, effective mitigation strategies, and any gaps related to the people, processes, or technologies involved.

The effort was initiated in 2003 as a Department of Homeland Security (DHS)-sponsored Cross-Sector Cyber Security Working Group (CSCSWG) established under auspices of the Critical Infrastructure Partnership Advisory Council (CIPAC) that provides legal framework for public-private collaboration and participation.

Originally called the Software Assurance (SwA) Forum and Working Groups, its purpose was to bring together a stakeholder community to protect the Nation’s key information technologies, most of which are enabled and controlled by software. The community evolved and broadened the scope to include additional focus on the supply chain and is currently co-sponsored by DHS, the Department of Defense (DoD) Office of the Secretary of Defense, Government Services Agency (GSA), and the National Institute of Standards and Technology (NIST).

SSCA events are held quarterly and are free and open to the public. In general, Summer and Winter sessions are intended for working group-type discussions while the Spring and Fall sessions are reserved for more traditional forum presentations. Interaction is always encouraged.

To receive information about upcoming meetings and related activities, please sign up for the sw.assurance mailing list, operated by NIST, by sending a blank email to


Forums are held quarterly and are FREE and open to the public; registration is required.


As of 2014, the Forums are operated under the Chatham House Rule, meaning “participants are free to use the information received, but neither the identity nor the affiliation of the speaker(s), nor that of any other participant, may be revealed”. On occasion, a speaker may wish to provide their slides to the group, in which case they will be posted on this website.