Enhancing Cybersecurity Supply Chain Risk Management (C-SCRM) for the Department of the Interior

InterSec Inc, partnering with Exiger Government Solutions, streamlined data collection processes and integrated real‐time risk monitoring to help the Department of the Interior comply with Executive Order 14028 on C-SCRM.

Background

The Department of the Interior (DOI) manages a vast array of natural resources and federal lands. Given its broad operational scope, DOI interacts with numerous third-party vendors providing hardware, software, and services.

The Client: US Department of Interior
Industry: Federal

Overview

DOI faced intensifying pressure to validate vendor components against potential threats yet lacked a centralized means to identify suspect hardware or software in real time. This shortfall exposed the organization to operational disruptions and the risk of violating federal mandates.

  • Complex Supply Chain: Hard to authenticate each component across numerous providers
  • Visibility Gaps: Lack of centralized data hindered proactive threat detection
  • High Compliance Risk: Non-compliance could lead to operational and reputational setbacks

Approach and Strategy

InterSec developed a robust C-SCRM solution that integrated seamlessly with DOI’s daily processes, ensuring staff could detect and mitigate cyber supply chain risk as a routine function rather than a special project.

  • Stakeholder Collaboration: Developed custom user guides for admin and regular users, provided ongoing training to stakeholders across the multiple DOI Bureaus, and conducted regular office hours to ensure C-SCRM practices are adopted at scale across DOI
  • Targeted C-SCRM Framework: Established processes for identifying, analyzing, and mitigating supply chain risks
  • Integrated Tools & Dashboards: Provided real-time vendor status updates and alerts

Solution & Implementation

We introduced secure data collection pathways, automated SBOM/HBOM reviews, and coordinated intelligence sharing to empower DOI with immediate insights and rapid threat response options.

InterSec is committed to offering the Agency a C-SCRM Tool Solution that is robust, efficient, and adaptable, guaranteeing not just compliance but also resilience in the face of ever-evolving cybersecurity challenges. Through our focused approach and leveraging the strengths of the product partner, we:

  • Efficiently performed data collection and aggregation for third-party profiles to aid cyber risk analysis.
  • Ensured genuine and uncompromised hardware and software products and alignment with OMB Memorandum M-22-18.
  • Provided real-time risk monitoring and alerted stakeholders about risk changes.
  • Allowed secure sharing of risk-related information and analyses.
  • Delivered intuitive data visualization for risk management.
  • Seamlessly integrated with existing systems and data sources.
  • Enabled the tool's use across multiple groups with varied data access needs.

Results / Outcomes

Real-time C-SCRM monitoring and thorough oversight enabled DOI to neutralize supply chain risks early, significantly improving both compliance and operational stability.

  • Assisted in documenting NIST 800-53 Supply Chain Risk Management (SR) Common Controls to allow consistent inheritance and FISMA/FedRAMP compliance for system owners.
  • Fully met EO 14028 and OMB M‐22‐18 directives
  • Identified and addressed cyber supply chain risks

Capabilities Demonstrated

Supply Chain Risk Management (C-SCRM) Framework & Implementation, FISMA, FedRAMP Compliance & Regulatory Alignment, Threat Intelligence Integration, SBOM/HBOM Analysis for Third-Party Components, Real-Time Vendor Risk Monitoring & Dashboards, Compliance with EO 14028 & OMB M-22-18

Ready to enhance supply chain oversight and comply with ever-evolving federal mandates?

Contact InterSec to establish a tailored C-SCRM solution that keeps your organization ahead of ever-evolving cyber supply chain risks.