[CDP-development] CISA Urges Organizations to Incorporate the FCC Covered List Into Risk Management Plans - TLP: WHITE

Tue May 2 12:35:00 PDT 2023

FYSA

CISA Urges Organizations to Incorporate the FCC Covered List Into Risk Management Plans<https://www.cisa.gov/news-events/alerts/2023/05/01/cisa-urges-organizations-incorporate-fcc-covered-list-risk-management-plans>

The Federal Communications Commission (FCC) maintains a Covered List<https://urldefense.us/v3/__https:/www.fcc.gov/supplychain/coveredlist__;!!BClRuOV5cvtbuNI!DVvHrcOblVzLnIYNTEzO-TIxKWxkZwSTwPgfQ9YGJnn0ZVR2HLZU7GEcW6YwNMI47AdCSbIuyY2dymrKg7V_CaUAoH7fmZnPnUjU-Ydj$> of communications equipment and services that have been determined by the U.S. government to pose an unacceptable risk to the national security of the United States or the security and safety of United States persons to national security pursuant to the Secure and Trusted Communications Networks Act of 2019.

As the 6th annual National Supply Chain Integrity Month<https://www.cisa.gov/news-events/news/cisa-and-partners-launch-national-supply-chain-integrity-month> concludes, CISA reminds all critical infrastructure owners and operators to take necessary steps in securing the nation’s most critical supply chains. CISA urges organizations to incorporate the Covered List into their supply chain risk management efforts, in addition to adopting recommendations listed in Defending Against Software Supply Chain Attacks<https://www.cisa.gov/sites/default/files/publications/defending_against_software_supply_chain_attacks_508.pdf>—a joint CISA and NIST resource that provides guidance on using NIST’s Cyber Supply Chain Risk Management <https://urldefense.us/v3/__https:/csrc.nist.gov/publications/detail/sp/800-161/rev-1/final__;!!BClRuOV5cvtbuNI!DVvHrcOblVzLnIYNTEzO-TIxKWxkZwSTwPgfQ9YGJnn0ZVR2HLZU7GEcW6YwNMI47AdCSbIuyY2dymrKg7V_CaUAoH7fmZnPncDHWTxP$> (C-SCRM) framework to identify, assess, and mitigate risks. All critical infrastructure organizations are also urged to enroll in CISA’s free Vulnerability Scanning <https://www.cisa.gov/resources-tools/services/cisa-vulnerability-scanning> service for assistance in identifying vulnerable or otherwise high-risk devices such as those on FCC’s Covered List.

To learn more about CISA’s supply chain efforts and to view resources, visit CISA.gov/supply-chain-integrity-month<https://www.cisa.gov/supply-chain-integrity-month>.

Theresa A. Masse
Cybersecurity State Coordinator/Advisor, Region 10 (Oregon)
Cybersecurity and Infrastructure Security Agency
Department of Homeland Security
Phone: (503) 930-5671
Email: theresa.masse at cisa.dhs.gov<mailto:theresa.masse at cisa.dhs.gov>

[cid:image007.png at 01D97CF2.6E6B5CC0]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20230502/e6528c99/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image007.png
Type: image/png
Size: 16152 bytes
Desc: image007.png
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20230502/e6528c99/attachment-0001.png>