Enhancing Cybersecurity Supply Chain Risk Management (C-SCRM) for the Department of the Interior
InterSec Inc, partnering with Exiger Government Solutions, simplified data collection processes and integrated real‐time risk monitoring to help the Department of the Interior comply with Executive Order 14028 on C-SCRM.
Background
The Department of the Interior (DOI) manages a vast array of natural resources and federal lands. Given its broad operational scope, DOI interacts with numerous third-party vendors providing hardware, software, and services.
Overview
The U.S. Department of the Interior is pivotal in managing the nation’s public lands, safeguarding natural resources, and advancing environmental protection efforts. Through its commitment to sustainability and conservation, the Department plays a critical role in promoting environmental justice, strengthening climate resilience, and fostering responsible land stewardship.
It also upholds the United States' nation-to-nation relationship with Tribal governments, ensuring the protection of Indigenous lands, cultural heritage, and sovereignty.
The Department of the Interior (DOI) needed to comply with Executive Order 14028 while managing a large network of third‐party hardware, software and service providers. Real‐time risk visibility was essential to avoid compliance lapses and security blind spots. Through close collaboration, InterSec developed an end-to-end C-SCRM solution that aligned with OMB M‐22‐18 and simplified C-SCRM assessments.
By integrating end‐to‐end visibility and advanced threat intelligence, we are helping DOI minimize the potential for cyber risk lurking within its extensive vendor, hardware, and software supply chain.
- Required reliable hardware and software bill of materials (HBOM, SBOM) analyses
- Needed continuous monitoring tools to meet federal C-SCRM mandates
The Challenge
DOI faced intensifying pressure to validate vendor components against potential threats yet lacked a centralized means to identify suspect hardware or software in real time. This shortfall exposed the organization to operational disruptions and the risk of violating federal mandates.
- Complex Supply Chain: Hard to authenticate each component across numerous providers
- Visibility Gaps: Lack of centralized data hindered proactive threat detection
- High Compliance Risk: Non-compliance could lead to operational and reputational setbacks
Our Approach
InterSec developed a resilient C-SCRM solution that integrated smoothly with DOI’s daily processes, ensuring staff could detect and mitigate cyber supply chain risk as a routine function rather than a special project.
- Stakeholder Collaboration: Developed custom user guides for administrators and regular users, provided ongoing training to stakeholders across the multiple DOI Bureaus, and conducted regular office hours to ensure C-SCRM practices are adopted at scale across DOI
- Targeted C-SCRM Framework: Established processes for identifying, analyzing, and mitigating supply chain risks
- Integrated Tools & Dashboards: Provided real-time vendor status updates and alerts
Solution & Implementation
We introduced secure data collection pathways, automated SBOM/HBOM reviews, and coordinated intelligence sharing to equip DOI with immediate insights and rapid threat response options.
InterSec is committed to offering the Agency a C-SCRM Tool Solution that is resilient, efficient, and adaptable, guaranteeing not just compliance but also resilience in the face of ever-evolving cybersecurity challenges. Through our focused approach and drawing on the strengths of the product partner, we:
- Efficiently performed data collection and aggregation for third-party profiles to aid cyber risk analysis.
- Ensured genuine and uncompromised hardware and software products and alignment with OMB Memorandum M-22-18.
- Provided real-time risk monitoring and alerted stakeholders about risk changes.
- Allowed secure sharing of risk-related information and analyses.
- Delivered intuitive data visualization for risk management.
- Smoothly integrated with existing systems and data sources.
- Enabled the tool's use across multiple groups with varied data access needs.
Results & Outcomes
Real-time C-SCRM monitoring and thorough oversight enabled DOI to neutralize supply chain risks early, significantly improving both compliance and operational stability.
- Assisted in documenting NIST 800-53 Supply Chain Risk Management (SR) Common Controls to allow consistent inheritance and FISMA/FedRAMP compliance for system owners.
- Fully met EO 14028 and OMB M‐22‐18 directives
- Identified and addressed cyber supply chain risks
Capabilities Demonstrated
Cybersecurity Supply Chain Risk Management (C-SCRM) Framework & Implementation, FISMA and FedRAMP Compliance & Regulatory Alignment, Threat Intelligence Integration, SBOM/HBOM Analysis for Third-Party Components, Real-Time Vendor Risk Monitoring & Dashboards, Compliance with EO 14028 & OMB M-22-18