Cybersecurity Supply Chain Risk Management C-SCRM
Software and Supply Chain Assurance Forum
ABOUT:
Cyber risk has become a topic of core strategic concern for business and government leaders worldwide and is an essential component of an enterprise risk management strategy. The Software and Supply Chain Assurance Forum (SSCA) provides a venue for government, industry, and academic participants from around the world to share their knowledge and expertise regarding software and supply chain risks, effective practices and mitigation strategies, tools and technologies, and any gaps related to the people, processes, or technologies involved.
The effort is co-led by the National Institute of Standards and Technology (NIST), the Department of Homeland Security (DHS), the Department of Defense (DoD), and the General Services Administration (GSA). Participants represent a diverse group of career professionals including government officials, chief information security officers, those in academia with cybersecurity and supply chain specialties, system administrators, engineers, consultants, vendors, software developers, managers, analysts, specialists in IT and cybersecurity, and many more.
SSCA forums are held 2-3 times/year, open to the public, and free.
While the general intent is to share information, the SSCA Forum also offers government and private sector participants, including international participants, an opportunity to openly collaborate by presenting and receiving feedback on current and potential future work. Most events are two days long and contain a mixture of discussion and presentation; attendee participation is strongly encouraged.
To receive information about upcoming meetings and related publications and activities, please sign up for the sw.assurance Google Group - operated by NIST - here: https://groups.google.com/a/list.nist.gov/forum/#!forum/sw.assurance
HISTORY:
The forum, initially called the Software Assurance (SwA) Forum and Working Groups, started in 2003 as a Department of Homeland Security (DHS)-sponsored Cross-Sector Cyber Security Working Group (CSCSWG) established under the auspices of the Critical Infrastructure Partnership Advisory Council (CIPAC), which provides a legal framework for public-private collaboration and participation. Its purpose was to bring together a stakeholder community to protect the Nation’s key information technologies, most of which are enabled and controlled by software. Over time, the community evolved and broadened its scope to include an additional focus on the supply chain. Events were held quarterly; Summer and Winter sessions were intended for working group-type discussions, while the Spring and Fall sessions were reserved for more traditional forum presentations.
UPCOMING EVENTS:
SSCA Forums are held several times a year and are FREE and OPEN to the public. Registration is required.
The next SSCA Forum will be held IN PERSON at MITRE, in McLean, VA, on January 27-28, 2026.
- DATES: January 27-28, 2026
- LOCATION: MITRE McLean, VA Campus
- REGISTRATION: https://na.eventscloud.com/website/23612/ (OPENS in DECEMBER)
- DRAFT AGENDA: AVAILABLE IN JANUARY
- AGENDA TOPICS: Tentative agenda topics for this session will be available when registration opens in December.
PAST EVENTS:
Links to presentation slides speakers have agreed to share will be embedded in the corresponding agendas below:
Agendas and presentations for events prior to 2014 (shown below) are not available.
- June 25-27, 2013
- March 5-7, 2013
- September 18-20, 2012
- June 26-28, 2012 (Part 2)
- June 26-28, 2012 (Part 1)
- March 26-29, 2012
- November 28-December 2, 2011
- September 12-16, 2011
- February 28-March 4, 2011
- December 14-16, 2010
- June 21-23, 2010
Contacts
Supply Chain General Inquiries
[email protected]
sw.assurance Google Group
[email protected]
Jon Boyens - Project Lead - NIST
301-975-5549
Rebecca McWhite - Technical Lead - NIST
Jeff Brewer - NIST
Topics
Security and Privacy: controls assessment, cybersecurity supply chain risk management, information sharing, malware, risk assessment, security controls, security measurement, security programs & operations, systems security engineering, vulnerability management
Technologies: cloud & virtualization, hardware, software & firmware
Applications: communications & wireless, cybersecurity framework
Laws and Regulations: Comprehensive National Cybersecurity Initiative, Cybersecurity Enhancement Act, Cybersecurity Strategy and Implementation Plan, Cyberspace Policy Review, Executive Order 13636, Federal Acquisition Regulation, Federal Information Security Modernization Act, Homeland Security Presidential Directive 12, OMB Circular A-130