You are here

C-SCRIP

C-SCRIP program

Welcome to the Communications Supply Chain Risk Information Partnership (C-SCRIP). C-SCRIP is a program designed to share supply chain security risk information with trusted communications providers and suppliers. Our goal is to improve small and rural communications providers’ and equipment suppliers’ access to information about risks to key elements in their supply chain. NTIA will tailor this risk information to be relevant and accessible to the C-SCRIP community. Additionally, C-SCRIP will share relevant training and grant funding opportunities from government partners with this community.

Please sign up here to join our mailing list.

 

FCC Resources

FCC Supply Chain Resources

FCC Releases List of Equipment & Services That Pose Security Threat (March 12, 2021)

 

National Supply Chain Integrity Month Resources

Cybersecurity and Infrastructure Security

Office of the Director of National Intelligence

Center for Development of Security Excellence

 

Upcoming Events (please note that some of these events require advance registration)

May 5: NTIA Grant Program: Connecting Minority Communities Webinar, Session 1a

May 6: NTIA Grant Program: Connecting Minority Communities Webinar, Session 1b

May 12: Webinar on Initial Public Draft of Special Publication 800 – 161, Revision 1, Supply Chain Risk Management Practices for Systems and Organizations.

May 12: NTIA Grant Program: Broadband Infrastructure Webinar, Session 2a

May 13: NTIA Grant Program: Broadband Infrastructure Webinar, Session 2b

May 18-19 Securing the 5G Supply Chain Workshop

May 19: NTIA Grant Program: Tribal Broadband Connectivity Webinar, Session 2a

May 20: NTIA Grant Program: Tribal Broadband Connectivity Webinar, Session 2b

May 26: NTIA Grant Program: Connecting Minority Communities Webinar, Session 2a

May 27: NTIA Grant Program: Connecting Minority Communities Webinar, Session 2b

June 9: NTIA Grant Program: Broadband Infrastructure Webinar, Session 3a

June 10: NTIA Grant Program: Broadband Infrastructure Webinar, Session 3b

June 16: NTIA Grant Program: Tribal Broadband Connectivity Webinar, Session 3a

June 17: NTIA Grant Program: Tribal Broadband Connectivity Webinar, Session 3b

June 23: NTIA Grant Program: Connecting Minority Communities Webinar, Session 3a

June 24: NTIA Grant Program: Connecting Minority Communities Webinar, Session 3b

 

Alerts

Alert (AA21-110A): Exploitation of Pulse Connect Secure Vulnerabilities

Alert (AA21-008A): Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments

Alert (AA21-092A): APT Actors Exploit Vulnerabilities to Gain Initial Access for Future Attacks

Alert (AA21-077A): Detecting Post-Compromise Threat Activity Using the CHIRP IOC Detection Tool

Alert (AA21-062A): Mitigate Microsoft Exchange Server Vulnerabilities

Alert (AA20-352A): Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations

 

Recent NTIA Resources

Software Bill of Materials Resources

NTIA Technical Report TR-21-553: In-Situ Captures of AWS-1 LTE for Aeronautical Mobile Telemetry System Evaluation (March 2021)

NTIA Technical Memo TM-21-552: LTE Uplink Aggregate Interference Measurement System (February 2021)

Program to Increase Broadband Access Across Indian Country (February 1, 2021)

 

NIST Resources

NIST Cyber Supply Chain Risk Management Publications

NIST Cybersecurity Framework

 

CISA Resources

CISA Supply Chain Risk Management Resources

Supply Chain Risk Management Essentials (April 2021)

Defending Against Software Supply Chain Attacks (April 2021)

Mitigating ICT Supply Chain Risks with Qualified Bidder and Manufacturer Lists (April 2021)

Vendor Supply Chain Risk Management (SCRM) Template (April 2021)

Threat Scenarios, Version 2 (February 2021)

Edge vs. Core - An Increasingly Less Pronounced Distinction in 5G Networks (December 2020)
 

ODNI Resources

Supply Chain Risk Management: Reducing Threats to Key U.S. Supply Chains

Framework for Assessing Risks

Supply Chain Best Practices

 

Training

Cyber Supply Chain Risk Management for the Public (Free course provided through the Federal Virtual Training Environment, with no log-in requirements.)

 

Grant Information

Consolidated Appropriations Act Funding

BroadbandUSA Funding Guide

 

About C-SCRIP

The C-SCRIP program was called for in the Secure and Trusted Communications Networks Act of 2019. The Act established a Federal Communications Commission program to reimburse smaller providers for removing and replacing equipment and services that threaten national security. This information sharing program, mandated by Section 8 of the Act, was intended to ensure that small, rural providers have access to the supply chain risk information they need before they make an investment, which should mitigate further “rip and replace” programs in the future.

 

Background Information

Notice of Establishment of the Communications Supply Chain Risk Information Partnership (July 8, 2020)

Comments on Promoting the Sharing of Supply Chain Security Risk Information (July 29, 2020)

 

Contactcscrip@ntia.gov