Resources and Further Reading

- Atlantic Council - Software in the Supply Chain Era
- DHS ICT Supply Chain Risk Management task force
- NTIA Software Bill of Materials project
- Model contract language
- Guide on Cybersecurity Procurement Language in Task Order Requests for Proposals for Federal Facilities
- Energy Sector Control Systems Working Group (ESCSWG)
- Department of Homeland Security: Cyber Security Procurement Language for Control Systems
- Cyber Security Procurement Language for Control Systems Version 1.8
- National Electrical Manufacturers Association (NEMA) Supply Chain Best Practices Guideline
- NIST 800-161 Supply Chain Risk Management Practices for Federal Information Systems and Organizations
- NIST 800-30 Guide for Conducting Risk Assessments