Cybersecurity Supply Chain Risk Management (C-SCRM) Kill Chain

The concept of the Cybersecurity Supply Chain Risk Management (C-SCRM) Kill Chain is to create an efficient project roadmap for implementing reasonably expected C-SCRM practices. The resulting C-SCRM Kill Chain is a viable approach for organizations to use in order to create a prioritized project plan for implementing a C-SCRM program.


The C-SCRM Kill Chain is made up of 24 steps that can be applied both to internal practices and to Third-Party Service Providers (TSPs). Realistically, an organization must first “master the fundamentals” and have its own house in order before proactive oversight of TSPs is feasible.


The C-SCRM Kill Chain is based on the principles of the Integrated Controls Management (ICM) model:

- Establish context

- Define applicable controls

- Assign maturity-based criteria

- Publish policies & standards

- Assign stakeholder accountability

- Maintain situational awareness

- Manage risk

- Evolve process
