New Cybersecurity and SCRM Requirements
The U.S. Department of Commerce, through NTIA, has established its Notice of Funding Opportunity (NOFO) for multiple broadband programs, including the Broadband Equity Access Deployment (BEAD) program designed to close the digital divide across the U.S. and its territories. This program was created out of the Infrastructure Investment and Jobs Act (IIJA), which was signed into law in late 2021. The BEAD program in particular has created a once-in-a-lifetime opportunity to connect our country, but it comes at a time when America’s digital infrastructure is also under constant attack, with sophisticated adversaries targeting our networks through supply chains.
To ensure this historic investment in broadband is used to build high-speed, reliable networks we can trust, eligibility to participate includes unprecedented Cybersecurity and Supply Chain Risk Management (SCRM) requirements that will need to be met by state governments as well as service providers and their vendors.
Resources for Stakeholders
The U.S. government is demanding improvements in cybersecurity and supply chain risk management from the ICT industry. Through the directions provided in the NOFO, the U.S. BEAD program set unprecedented baseline requirements that specify prudent cybersecurity and supply chain risk management practices. States (Eligible Entities) are to receive attestations from those deploying or upgrading broadband networks using BEAD funds (Subgrantees) to ensure compliance with the stated expectations.
Learn how new cybersecurity and supply chain risk management requirements for BEAD funding can be aligned and demonstrated with certification to a new industry standard from TIA QuEST Forum called SCS 9001.
Attesting to the cybersecurity and supply chain risk management requirements demands that service providers have operationalized plans for each area to be eligible for funding. The global ICT industry supply chain security standard, SCS 9001, helps align with all of the requirements.
Vendors & Suppliers
Supporting service providers under the U.S. BEAD Program will mean helping clients establish and operationalize supply chain risk management plans. TIA QuEST Forum's SCS 9001 standard certification comes from independent certification bodies that audit and verify that all hardware and software deliverables meet appropriate security performance levels compared to anonymized industry benchmarks.
A New Industry Standard
SCS 9001 is a new industry-driven supply chain security standard that demonstrates the proper operational and procedural hygiene of an operator or service provider and its vendors in delivering trusted products and services to the organizations that manage ICT networks around the world, be they private or public. SCS 9001 compliance can be independently audited and certified, which can help position organizations to be in full alignment with the four sets of cybersecurity and supply chain risk management requirements:
- How SCS 9001 Aligns with Executive Order 14028
- How SCS 9001 Aligns with NIST Framework for Improving Critical Infrastructure Cybersecurity
- How SCS 9001 Aligns with NISTIR 8276 Key Practices in Cyber Supply Chain Risk Management
- Coming soon: How SCS 9001 Aligns with NIST 800-161 Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations