Supply Chain Risk Management (SCRM) ~OVERVIEW~

AFCEA C4ISR - SCRM PANEL
Apr 26 2016

Grant Merkel
SPAWARSYSCOM/SSC Pacific
~Operations Security Manager
~Research & Technology Protection (RTP) Manager
~Supply Chain Risk Management (SCRM) Lead
Ph. (619) 553-2800/DSN 553
grant.merkel@navy.mil

Distribution Statement: A, Unlimited Distribution

Agenda
▼ Supply Chain Risk Management (SCRM) Policy Overview
▼ SCRM/Trusted Systems & Networks (TSN)
▼ SCRM Risk Overview
▼ Impacts to DON
▼ Impacts to Government contractors
▼ SPAWAR SCRM Efforts
▼ SSC PAC SBO Information

Global Supply Chain?
[Cartoon slide: a "Trustworthy Component" passes through Design/Production/Shipment to Installed, with the caption "I think you should be more explicit here in step two"]

SCRM Policy Overview
▼ SCRM is a relatively new effort within the DoD, but has Congressional, OSD, SECNAV, CNO high-vis attention
▼ Current policy requirements are directed toward Programs of Record and government contractors
▼ National Defense Authorization Acts (NDAA FY11, 12 & 13) contain SCRM requirements for DoD with a focus on DoD contractors
▼ Recent SCRM language added to DFARS (begins implementation of the NDAAs)
▼ DoD has issued only one policy specific to SCRM (DODI 5200.44) and a couple of Memorandums, but GAO, NIST and SECNAV have all issued additional guidance and requirements
▼ SECNAVINST 4855.20, Counterfeit Materiel Prevention Policy

SCRM Key Terms
▼ Supply Chain Risk:
 The risk that an adversary may sabotage, maliciously introduce unwanted function, or otherwise subvert the design, integrity, manufacturing, production, distribution, installation, operation, or maintenance of a national security system (as that term is defined at 44 U.S.C. 3542(b)) so as to surveil, deny, disrupt, or otherwise degrade the function, use, or operation of such system. (Source: FY2011 NDAA Section 806)
 *Note: Yes, this risk is inherent to the global supply chain
▼ Supply Chain Risk MANAGEMENT:
 A systematic process for managing supply chain risk by identifying susceptibilities, vulnerabilities and threats throughout DoD's "supply chain" and developing mitigation strategies to combat those threats whether presented by the supplier, the supplied product and its subcomponents, or the supply chain (e.g., initial production, packaging, handling, storage, transport, mission operation, and disposal). (Source: DoDI 5200.44)
 *Note: similar processes are used in DLA, NSA and other U.S. Government and private entities

SCRM Process in DON
▼ Criticality Analysis/Critical Function Analysis
 An end-to-end functional decomposition performed by Systems Engineers, Operations, Logistics, and other program personnel to identify mission critical functions and components. Includes identification of system missions, decomposition into the functions to perform those missions, and traceability to the hardware, software, and firmware components that implement those functions. Criticality is assessed in terms of the impact of function or component failure on the ability of the component to complete the system mission(s).
▼ Mission Critical Functions
 Any function, the compromise of which would degrade the system effectiveness in achieving the core mission for which it was designed.*
*Source: DODI 5200.44, Protection of Mission Critical Functions to Achieve Trusted Systems and Networks (TSN)

SCRM Risk Overview
▼ What's the Risk?
 The supply chain "risk" perspective is risk from the supply chain, vice risk to the supply chain.
 Risk is always based on Threat × Vulnerability. In the case of the (global) supply chain, it's the risk that an adversary (threat) will compromise a component or

