Xacta® Supply Chain Risk Management

Use automation to uncover security gaps in your ICT supply chain and assure your day-to-day business activities.

Supply chain risk management is a major topic of concern for many security and compliance professionals.  Managing the risks and vulnerabilities associated with your organization’s information and communications technology (ICT) systems and services is a difficult task, and nearly impossible to manage without automation.

Now, Telos® introduces an Xacta 360 offering that is purpose-built to address this very specific need: Supply Chain Risk Management (SCRM).  Xacta SCRM builds upon the information from authoritative supply chain risk management resources, like:

  • NIST SP 800-161
  • NIST Cybersecurity Framework
  • CISA ICT SCRM Working Group threat data

Automate processes for managing ICT supply chain risks

Conduct ICT supply chain impact assessments

Generate risk treatment plans for each risk element of a given supply chain

Create and maintain an ICT supply chain risk management plan for your organization

Categorize vendor profiles and associate them with their contracts and offerings

Log and track supply chain incidents (by vendor)

  • How does the Xacta SCRM offering work?

    As is true with other Xacta 360 offerings for the NIST RMF and FedRAMP, Xacta SCRM works much like tax preparation software, helping the user navigate the end-to-end process.

    Users are presented with a series of input screens that collect and organize all of the data needed for the ICT supply chain impact assessment. These screens are organized in a logical manner and prompt the user to answer questions and input the data needed to gain insights into ICT supply chain risks.

    The offering generates the documentation (SCRM and risk treatment plans) as a byproduct of the process. You do not have to generate these documents from scratch at the end of the process. Xacta SCRM does this for you based on your inputs.

  • How will the Xacta SCRM offering benefit me?
    • You will not have to rely on email and spreadsheets to manage the process. The offering centralizes ICT supply chain risk management activities, underlying data, audits, and evidence.
    • The offering can reduce the cybersecurity and information assurance expertise required to complete ICT supply chain risk management activities.
    • This simplification of the process also reduces your dependency on expensive, hard-to-find cybersecurity and IA personnel.
    • Xacta SCRM automatically generates evidentiary documents when you need them.
    • The offering allows you to efficiently manage and maintain your ICT SCRM program over time by utilizing automated control periodicity.
    • Xacta SCRM gives you the peace of mind that you are performing due diligence when it comes to assuring your ICT supply chain.
  • Who should use Xacta SCRM?
    • Organizations starting out on their ICT SCRM journey
    • Organizations with an established ICT SCRM program who would like to evaluate it using NIST SP 800-161
    • Organizations that need to manage and track their vendor compliance
