A presidential advisory agency has established an interagency partnership at the direction of Congress to share information about supply chain security risks in the communications equipment and services industries to help thwart potential threats to national security.
The Communications Supply Chain Risk Information Partnership (C-SCRIP) “is aimed primarily at trusted small and rural communications providers and equipment suppliers, with the goal of improving their access to risk information about key elements in their supply chain,” the National Telecommunications and Information Administration (NTIA) said in a notice in the July 8 Federal Register.
NTIA, an executive branch agency within the Department of Commerce, advises the president on telecommunications and information policy issues.
The C-SCRIP was mandated in the Secure and Trusted Communications Network Act of 2019, which was signed into law in March by President Trump. In addition to establishing the supply chain security risk information sharing program, the law prohibits the use of certain federal funds to purchase communications equipment or services from companies that pose a national security risk to U.S. communications networks. The Federal Communications Commission is responsible for maintaining the list of banned equipment and services.
The law also requires communications providers to annually submit to the FCC any banned equipment they purchased or leased and why. It also establishes a reimbursement program to provide small communications providers with funding to offset the cost of removing and replacing prohibited equipment and services with trusted products and services.
The NTIA is working with the Office of the Director of National Intelligence, the Department of Homeland Security, FBI and the FCC to establish C-SCRIP. The program will be rolled out in four phases beginning with its establishment and a report to Congress on its working plans and how it will quickly get security clearances out to more trusted providers.
The program will go operational in the second phase and will begin briefing trusted providers as needed.
In Phase 3 processes and means to share information and alert with trusted providers will become formalized and in the final phase NTIA will begin to make adjustments to the program.