CISA task force adds working group on 'attestation frameworks' to manage distinct elements of supply-chain risk

CISA's Information and Communications Technology Supply Chain Risk Management Task Force voted Wednesday to establish a working group that will focus on the development of frameworks for attesting to best practices in six areas of supply-chain risks.

“The development of this new working group is timely given the risks we are facing [from] the ICT supply chain and broader critical infrastructure community,” said Bob Kolasky, CISA’s assistant director for the National Risk Management Center and one of three task force...