Quick Hits

CISA to Open Supply Chain Risk Management Office

A new supply chain risk management office aims to help public and private sectors implement recent CISA policies and guidance.

The US Cybersecurity and Infrastructure Security Agency (CISA) plans to open an office focused on helping the public and private sectors protect their software and IT supply chains.

The new office will help organizations implement recently issued CISA policies and guidance related to managing cybersecurity supply chain risk, including issues stemming from malicious functionality, counterfeit components, or open source software (OSS) vulnerabilities, and more.

Former General Services Administration official Shon Lyublanovits will lead the new supply chain management risk division, Federal News Network (FNN) reported.

"We've got to get to a point where we move out of this idea of just thinking broadly about C-SCRM [cybersecurity supply chain risk management] and really figuring out what chunks I want to start to tackle first, creating that road map so that we can actually move this forward," Lyublanovits said at a recent event, as reported by FNN.