Xacta® Supply Chain Risk Management

Use automation to uncover security gaps in your cyber supply chain and assure your day-to-day business activities.

Supply chain risk management is a major topic of concern for many security and compliance professionals. Managing the risks and vulnerabilities associated with your organization’s information and communications technology (ICT) systems and services is a difficult task, and nearly impossible without automation.

Now, Telos® introduces an Xacta 360 offering that is purpose-built to address this very specific need: Supply Chain Risk Management (SCRM).  Xacta SCRM builds upon the information from authoritative supply chain risk management resources, like:

  • NIST SP 800-161
  • NIST Cybersecurity Framework
  • CISA ICT SCRM Working Group threat data

Automate processes for managing cyber supply chain risks

Conduct cyber supply chain impact assessments

Generate risk treatment plans for each risk element of a given supply chain

Create and maintain a cyber supply chain risk management plan for your organization

Categorize vendor profiles and associate them with their contracts and offerings

Log and track supply chain incidents (by vendor)

  • How does the Xacta SCRM offering work?

    As is true with other Xacta 360 offerings for the NIST RMF and FedRAMP, Xacta SCRM works much like tax preparation software, helping the user navigate the end-to-end process.

    Users are presented with a series of input screens that collect and organize all of the data needed for the cyber supply chain impact assessment. These screens are organized in a logical manner and prompt the user to answer questions and input the data needed to gain insights into cyber supply chain risks.

    The offering generates the documentation (SCRM and risk treatment plans) as a byproduct of the process. You do not have to generate these documents from scratch at the end of the process. Xacta SCRM does this for you based on your inputs.

  • How will the Xacta SCRM offering benefit me?
    • You will not have to rely on email and spreadsheets to manage the process. The offering centralizes cyber supply chain risk management activities, underlying data, audits, and evidence.
    • The offering can reduce the cybersecurity and information assurance expertise required to complete cyber supply chain risk management activities.
    • This simplification of the process also reduces your dependency on expensive, hard-to-find cybersecurity and IA personnel.
    • Xacta SCRM automatically generates evidentiary documents when you need them.
    • The offering allows you to efficiently manage and maintain your cyber SCRM program over time by utilizing automated control periodicity.
    • Xacta SCRM gives you the peace of mind that you are performing due diligence when it comes to assuring your cyber supply chain.
  • Who should use Xacta SCRM?
    • Organizations starting out on their cyber SCRM journey
    • Organizations with an established cyber SCRM program who would like to evaluate it using NIST SP 800-161
    • Organizations that need to manage and track their vendor compliance
