This Month's Focus: National Supply Chain Integrity Month


CDSE Pulse
VOLUME 3 ISSUE 4
April 2022

Published by the Defense Counterintelligence and Security Agency (DCSA) Center for Development of Security Excellence (CDSE) Marketing and Communications Office.

DCSA Leadership
William K. Lietzau, Director, DCSA
Daniel Lecce, Deputy Director, DCSA
Kevin Jones, Assistant Director, Training
Erika Ragonese, Deputy Assistant Director, Training

CDSE Leadership
Heather Mardaga, Director
Zinethia Clemmons, Chief, Shared Services

Pulse Staff
Adriene Brown, Chief Content Officer
Samantha Dambach and Natalie Perkins, Content Developers/Managers
Isaiah Burwell, Content Writer
Marc Pulliam, Content Designer

CDSE – Center for Development of Security Excellence
@TheCDSE
Center for Development of Security Excellence

DID YOU KNOW?
Protecting the ICT supply chain is a supply chain security force-multiplier for all other critical supply chains.

THIS MONTH'S FOCUS
NATIONAL SUPPLY CHAIN INTEGRITY MONTH

NATIONAL SUPPLY CHAIN INTEGRITY MONTH: A CALL-TO-ACTION CAMPAIGN

This April marks the fifth annual National Supply Chain Integrity Month for organizations across the country. During the month, the Department of Defense (DOD), the Office of the Director of National Intelligence (ODNI), the Cybersecurity and Infrastructure Security Agency (CISA), and other government and industry partners will promote a call-to-action campaign to “Fortify the Chain.”

For this month, the National Counterintelligence and Security Center (NCSC), located within ODNI, has released new supply chain risk management resources to help industry and government stakeholders. Visit the NCSC supply chain website to find information on supply chain threats, best practices, and links to other partner agency resources.

As the Nation’s risk advisor, one of CISA’s top priorities is to help secure the global information and communications technology (ICT) supply chain from emerging threats. Throughout April, CISA is promoting resources, tools, and information to help organizations and agencies protect their ICT supply chains. To access CISA’s online resources visit their Supply Chain Integrity Month webpage.

The Center for Development of Security Excellence (CDSE) scheduled two webinars to support Supply Chain Integrity month. The first event “Supply Chain Past, Present, and Future” was held on April 7. If you missed it, there will be another opportunity to view the webinar once it is posted online. There is still time to register for our second event “Microelectronics and Supply Chain 2022” on Thursday, April 28, 2022, 12:00 – 1:00 p.m. ET. Join us for this live discussion that will go in-depth on microelectronics issues and concerns, practical steps the security community can take, and what we need to be aware of to secure the microelectronics supply chain.

CISA THEMES FOR THE MONTH INCLUDE:
Week 1: Power in Partnership – Fortify the Chain
Week 2: No Shortages of Threats – Educate to Mitigate
Week 3: Question, Confirm, and Trust – Be Supplier Smart
Week 4: Plan for the Future – Anticipate Change

Sign up for the latest security awareness newsletters at https://www.cdse.edu/news/index.html

A JOINT EFFORT: SECURING THE ICT SUPPLY CHAIN

This year’s National Supply Chain Integrity Month theme focuses on securing the information and communications technology (ICT) supply chain and Executive Branch efforts to address this critical issue. Every company, organization, and individual that uses ICT products and services, such as cell phone devices, online banking, and cloud computing, is part of a globally connected supply chain.

“This year’s campaign is focused on fortifying the U.S. Information and Communications Technology (ICT) supply chain, which powers America’s national security missions, critical infrastructure sectors, and private sector innovations,” said Michael Orlando, Senior Official Performing the Duties of NCSC Director.

Supply chain risk increases when adversaries attempt to exploit ICT and their related supply chains for the purposes of espionage, sabotage, and foreign interference activity. Vulnerabilities in supply chains, either developed intentionally for malicious intent or unintentionally through poor security practices, can enable data and intellectual property theft, loss of confidence in the integrity of the system, or exploitation to cause system or network failure. Increasingly, adversaries, including foreign adversaries such as Russia, China, North Korea, and Iran, are looking at these vulnerabilities as principal attack vectors.

According to one private security report, software supply chain attacks more than tripled in 2021 compared to 2020. The exploitation of these vulnerabilities raised the bar for software security and the need for more public-private partnerships.

In December 2018, CISA established the ICT Supply Chain Risk Management (SCRM) Task Force. The ICT SCRM Task Force is a public-private partnership focused on global ICT supply chain security. It is composed of a diverse range of professionals within the Information Technology and Communications Sectors with representatives from large and small private sector organizations and federal agencies. This includes subject matter experts, infrastructure owners and operators, and other key stakeholders who provide recommendations and guidance to help shape trusted supply chain practices.

Over the next several months, the Task Force’s efforts will include the launch of a new Hardware Bill of Materials Working Group, continuation of two current working groups, and scoping of two additional efforts related to promoting software assurance and the utility of Software Bill of Materials.

The ongoing COVID-19 pandemic highlighted vulnerabilities in complex global supply chains in very real ways to the public, government, and industry. In order to strengthen the national industrial base during times of disruption, the President signed Executive Order (E.O.) 14017 on February 24, 2021. The E.O. calls for a comprehensive review of supply chains in critical sectors, including the defense industrial base (DIB).

In response to E.O. 14017, the Department of Commerce and Department of Homeland Security released a one-year report titled, “Assessment of the Critical Supply Chains Supporting the U.S. Information and Communications Technology Industry.” The report defines the critical sectors and subsectors supporting the ICT industry, evaluates the current supply chain conditions, identifies key risks that threaten to disrupt those supply chains, and proposes eight recommendations to mitigate risk and strengthen supply chain resiliency.

DOD also released the report “Securing Defense Critical Supply Chains,” February 24, 2022, in response to E.O. 14017. This report outlines government and national strategies for assessing and strengthening critical DIB supply chains.

“This report is a strategic roadmap for the department to build lasting resilience in our defense industrial base.”
Andrew Hunter, Acting Under Secretary of Defense for Acquisition and Sustainment.

In the report, DOD highlights a set of strategic enablers that underpin overall mission success and supply chain resilience. One of those strategic enablers is cyber posture. Making Cybersecurity-Supply Chain Risk Management (C-SCRM) a priority was identified as key to enhancing supply chain cyber resilience.

Cybersecurity-Supply Chain Risk Management (C-SCRM) efforts manage supply chain risk by identifying susceptibilities and vulnerabilities to cyber-threats throughout the supply chain and developing mitigation strategies to counter those threats whether presented by the supplier, the supplier’s products and its subcomponents, or the supply chain (e.g., initial production, packaging, handling, storage, transport, mission operation, disposal).

Several organizations provide C-SCRM training and resources for government and industry personnel. NCSC, CISA and CDSE all have a wealth of training and resources available to increase C-SCRM knowledge and raise awareness of threats, mitigations, and best practices to improve supply chain integrity. These learning and awareness resources are designed to emphasize the role that we all have in securing ICT supply chains.

ICT products and services ensure the continued operation and functionality of U.S. critical infrastructure. When a supply chain incident occurs, everyone suffers: buyers, suppliers, and users. Government and industry partners have come together to combat the threats to ICT. Securing the global ICT supply chain from the evolving risks of tomorrow through training and awareness should be a priority for industry and government personnel.

SUPPLY CHAIN INTEGRITY RESOURCES

CDSE has several toolkits that include courses to enhance supply chain knowledge and performance support tools that provide information to help perform role-based tasks and raise understanding and awareness of supply chain risk management policies, potential threats/vulnerabilities, and mitigation strategies:
- Acquisition isition-Toolkit/
- Counterintelligence Awareness Toolkit: Supply Chain Risk Management ntelligence-Awareness-Toolkit/
- Cybersecurity: Supply Chain Risk Management urity-Toolkit/
- Insider Threat Toolkit: Cyber Insider Threat/User Activity Monitoring Threat-Toolkit/
- Deliver Uncompromised ver-Uncompromised-Toolkit/
- Operation Warp Speed (OWS) and Beyond ation-Warp-Speed-and-Beyond-Toolkit/

This includes several supply chain integrity month posters:
- Insider Risk in Software Supply -chain/
- Keep the Troops /Article/2753947/supply-chain-month/
- Deliver Uncompromised s/Article/2753845/deliver-uncompromised-campaign/
- Supply Chain Resilience

[Poster] INSIDER RISK IN SOFTWARE SUPPLY CHAINS
OUR SOFTWARE MAY BE TRUSTED, BUT IS IT SECURE?

A software supply chain attack occurs when malicious code is deliberately added to a component, with intent to distribute the malicious code to a target further down the supply chain. These attacks aim to compromise systems and data, and may also cause collateral damage.

INSIDERS:
- Create source code, design applications, and contribute to software development
- Review, test, and license applications for usage
- Update, maintain, and repair existing software
- Share, distribute, and utilize applications

VULNERABILITIES TO SOFTWARE INTEGRITY:
- Insiders wittingly or unwittingly introduce malware to applications
- Insiders utilize un-vetted dependencies during development
- Insiders fail to patch software or delay deployment of more secure applications

ENHANCE SOFTWARE INTEGRITY WITH:
- Code signing: code with a trusted, cryptographically secure indicator that software has been approved by its developer and not subsequently modified.
- Hashing: unique strings of information generated by hashing algorithms, distributed by developers to verify software has not been modified.
- User Activity Monitoring: detect anomalous or concerning network behaviors that may put the organization at

Remember: Trusted insiders have access to assets at all stages in the supply chain. Damage to the supply chain caused by insiders may lead to reduced military strength and mission readiness; loss of reputation, innovation, and industry advantage; and financial instability.

Center for Development of Security Excellence
www.cdse.edu

NCSC and CISA also have resources to raise awareness and educate industry and government personnel on supply chain integrity issues and best practices:
- NCSC Supply Chain Risk we-do/ncsc-supply-chain-threats
- NCSC Awareness areness-materials
- CISA National Integrity onth
- CISA ICT Supply Chain ry
- CISA ICT Supply Chain it
- ICT SCRM Task Force https://www.cisa.gov/ict-scrm-task-force

NEW DIGITAL BADGING OPTION

CDSE recently launched the CDSE Digital Badging and Transcript Service for courses with an American Council on Education’s College Credit Recommendation. The ACE College Credit Recommendation Service (CREDIT) connects CDSE courses with colleges and universities by helping employees gain access to academic credit for formal courses and examinations taken outside traditional degree programs.

ACE Credit recommendations allow students to transfer credit earned from approved courses toward completion of degree programs. Students who have completed a CDSE ACE Credit Recommended course are eligible to receive a digital badge through the Credly website. Digital badges are electronic representations of traditional paper certificates and offer several benefits:
- Provides verified digital recognition for acquiring new skills
- Allows hiring managers to easily validate acquired competencies
- Third parties can verify status of credentials in seconds online
- Easily share accomplishments and skillsets on social media
- Send official transcripts directly from Credly website

To learn more about the services offered and request a CDSE ACE digital badge or transcript, visit My Certificates/Digital Badges/Transcripts.

CDSE WINS HORIZON AWARDS

CDSE won six Horizon Interactive Awards and was recognized as a Distinguished Agency in the 2021 competition. CDSE received six bronze trophies for the following CDSE products:

Training/eLearning:
- Department of Defense (DOD) Mandatory Controlled Unclassified Information (CUI) Training/eLearning Websites (Bronze)

Videos:
- Center for Development of Security Excellence (CDSE) “Communication Products” PSA Video – Advertisement/Commercial (Bronze)
- Center for Development of Security Excellence (CDSE) “Professional Affiliations” PSA Video – Advertisement/Commercial (Bronze)
- Center for Development of Security Excellence (CDSE) “Industry” PSA Video – Advertisement/Commercial (Bronze)
- Center for Development of Security Excellence (CDSE) “Education vs. Training” PSA Video – Instructional (Bronze)
- Center for Development of Security Excellence (CDSE) The “Insider Threat Overview for FSOs” Video Instructional (Bronze)

The Horizon Interactive Awards is a prestigious international competition recognizing outstanding achievement among interactive media producers. In its 20th year, the Horizon Interactive Awards recognize the best websites, videos, online advertising, print media, and mobile applications. Learn more by visiting the Horizon Interactive Awards website.

CDSE’S INSIDER THREAT VIGILANCE CAMPAIGN 2022

The 2022 Insider Threat Vigilance Campaign will be promoting a different theme each month and publishing/distributing awareness materials relevant to that theme in unique ways throughout the year. Regular messaging through communication and awareness materials reinforces annual insider threat awareness training and helps ensure the workforce is prepared to recognize and respond to the insider threat.

Use this campaign or consider tailoring it to your organization with resources from our website: https://www.cdse.edu/Training/Toolkits/Insider-Threat-Toolkit/.

INSIDER THREAT SENTRY APP

Have you downloaded the Insider Threat Sentry App? This mobile addition to CDSE’s insider threat portfolio expands the availability of posters, videos, security awareness games, job aids, case studies, and more. The application is available for users from the Android and iOS app stores. The app provides direct access to relevant insider threat content in one easy-to-use place. Download it today!

WHAT THE SECURITY COMMUNITY IS SAYING

Course: Protecting Assets in the NISP CI117.16

“This training was very logical & easy to follow. The exercise questions & final exam included questions (information) that was covered during the course/training.”

“I thought the training was very well done in this section of the course. Material was up to date, presented in a logical manner, and easy to understand.”

Cyber Insider Threat Course INT280.16

“I enjoyed this course much more than all the other courses I’ve taken. The format and the way the material was presented was well done.”

Disclaimer: The editorial content of this publication is the responsibility of the Center for Development of Security Excellence Marketing and Communications Office.
