Abstract
This article proposes a unified model of best practice for information and communications technologies (ICT) supply chain risk management (SCRM). Ensuring proper ICT–SCRM governance is an important national priority because of the vulnerability of current supply chains to attack by nation-states and other adversaries. This article presents a comprehensive control framework based on lifecycle practices, which is designed to address ICT product integrity concerns in the global marketplace.
Hence that general is skilful in attack whose opponent does not know what to defend. —Sun Tzu (Giles, 1910), 496 BC