Enhancing Cybersecurity Supply Chain Risk Management (C-SCRM) for the Department of the Interior

InterSec Inc, partnering with Exiger Government Solutions, streamlined data collection processes and integrated real-time risk monitoring to help the Department of the Interior comply with Executive Order 14028 on C-SCRM.

Background

The Department of the Interior (DOI) manages a vast array of natural resources and federal lands. Given its broad operational scope, DOI interacts with numerous third-party vendors providing hardware, software, and services.

  • Client: US Department of Interior
  • Industry: Federal

The Challenge

  • Regulatory Pressure: DOI needed to align with Executive Order 14028 and OMB Memorandum M-22-18.
  • Complex Supply Chain: Multiple third-party vendors and suppliers introduced significant visibility and security risks.
  • Data Collection & Analysis: DOI lacked a centralized mechanism to gather and assess vendor security posture efficiently.

Approach and Strategy

  • C-SCRM Framework: Developed a structured model to identify, analyze, and remediate risks at each stage of the supply chain.
  • Continuous Engagement: Worked closely with DOI’s internal IT and procurement teams to integrate new protocols without disrupting operations.

Solution & Implementation

  • Vendor, HBOM & SBOM Analyses
    • Conducted hardware and software bill-of-materials audits to detect counterfeit or risky components.
  • Real-Time Risk Monitoring
    • Deployed dashboards and alert systems for continuous oversight of third-party vulnerabilities and compliance statuses.
  • Secure Information Sharing
    • Created a secure portal to share threat intelligence among relevant DOI stakeholders and approved vendors.
  • Systems Integration
    • Embedded C-SCRM capabilities into existing DOI systems for seamless data collection and reporting.

Results / Outcomes

  • Met Federal Mandates: Achieved full compliance with EO 14028 and OMB Memorandum M-22-18.
  • Strengthened Vendor Oversight: Enhanced transparency into hardware/software sources, reducing hidden vulnerabilities.
  • Improved Overall Cybersecurity Posture: Bolstered DOI’s ability to anticipate, detect, and mitigate supply chain threats.

Lessons Learned

  • Tailored, Not One-Size-Fits-All: InterSec Inc adapted C-SCRM best practices specifically for DOI’s vast operational structure.
  • Real-Time Insights: Ongoing visibility allowed for immediate remediation strategies, lowering risk exposure.