National Security Space
Department of Defense, Intelligence Agencies
The National Security and Defense Industrial Base support U.S. national security objectives, including supplying military operations, conducting advanced R&D and systems development to ensure technological superiority of the U.S. Armed Forces, securing reliable sources of critical materials, and developing industrial preparedness to support operations in wartime or during a national emergency.
Civil Space Agencies
NASA, NOAA, USGS
Civil space agencies (CSAs) design, develop, deploy and maintain critical national space assets with global supply chains that are increasingly complex, and seen as targets for intentional threats and malicious attacks by adversaries. Given this complex and pervasive challenge, CSAs are looking to apply supply chain risk management (SCRM) approaches to reduce risk across the acquisition life cycle for human spaceflight and environmental sensing programs. Traditional National Security Space (NSS) SCRM practices can be too difficult and expensive for CSA’s to implement. Aerospace has developed guidance for a more agile, tailored approach for CSA SCRM based on NSS best practices ensuring a higher risk tolerance and reducing budget requirements.
Non-space Civil Agencies
Departments of Energy, Health and Human Services, and U.S. Treasury
Ensuring supply chain security for energy networks to support the national security, homeland security, and the commercial bulk power system is a massive and complex undertaking. A cybersecurity supply chain framework is needed to recognize differences in energy suppliers that operate effectively across these systems. Only supplies provided by permitted components and vendors, based on information sharing across federal intelligence organizations, DOE, and other agencies actively receiving information from industry should be permitted. A testing and evaluation system assessing the integrity of components by National Labs and non-governmental organizations to oversee certification is necessary. Evaluation of the most critical components and prioritizing the most critical components is imperative.
Information and Communications Technology (ICT)
ICT is integral for the daily operations and functionality of U.S. critical infrastructure. If vulnerabilities in the ICT supply chain—composed of hardware, software, and managed services from third-party vendors, suppliers, service providers, and contractors—are exploited, the consequences can affect all users of that technology or service.
Multi-agency Practices and Guidance
Aerospace Technical Reports
Technical Subject Area Direction
National-level Guidance
Legislation, Executive Orders, and other Directives
Agency-specific Guidance
Department Directives and Programming
Best Practices
Recommendations and Thought Leadership