Sharing Supply Chain Risk Information to Increase Resilience

This report is the culmination of a multi-year effort by the Cybersecurity and Infrastructure Security Agency’s (CISA) Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force to address the issues of sharing SCRI between companies and government entities. The initial work defined a common framework for the bi-directional sharing of actionable SCRI between federal government and industry.

This report focused its research on paths to limit certain state law causes of action, to which a business may be exposed to by virtue of its sharing of SCRI. This report offers research by SMEs on legal and policy considerations to be used by private enterprises or the government in seeking to address the issue of liability limitations. It contains consensus input from non-federal members and does not reflect the official policy or position of the federal government or its official representatives.