Establishment of the Communications Supply Chain Risk Information Partnership
| Citation | 85 FR 41006 |
| Record Number | 2020-14725 |
| Published date | 08 July 2020 |
| Section | Notices |
| Court | Commerce Department,National Telecommunications And Information Administration |
Federal Register, Volume 85 Issue 131 (Wednesday, July 8, 2020)
[Federal Register Volume 85, Number 131 (Wednesday, July 8, 2020)]
[Notices]
[Page 41006]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-14725]
-----------------------------------------------------------------------
DEPARTMENT OF COMMERCE
National Telecommunications and Information Administration
Establishment of the Communications Supply Chain Risk Information
Partnership
AGENCY: National Telecommunications and Information Administration,
U.S. Department of Commerce.
ACTION: Notice.
-----------------------------------------------------------------------
SUMMARY: The National Telecommunications and Information Administration
(NTIA) announces the establishment of the Communications Supply Chain
Risk Information Partnership (C-SCRIP) in support of the requirements
of Section 8 of the Secure and Trusted Communications Network Act of
2019 (Act). The Act directs NTIA, in cooperation with other designated
federal agencies, to establish a program to share supply chain security
risk information with trusted providers of advanced communications
service and suppliers of communications equipment or services.
DATES: Applicable on July 8, 2020.
ADDRESSES: C-SCRIP, National Telecommunications and Information
Administration, U.S. Department of Commerce, 1401 Constitution Avenue
NW, Washington, DC 20230.
FOR FURTHER INFORMATION CONTACT: Megan Doscher, National
Telecommunications and Information Administration, U.S. Department of
Commerce, 1401 Constitution Avenue NW, Room 4725, Washington, DC 20230;
telephone (202) 482-2503; [email protected]. Please direct media
inquiries to NTIA's Office of Public Affairs, (202) 482-7002, or at
[email protected].
SUPPLEMENTARY INFORMATION: Section 8 of the Secure and Trusted
Communications Network Act of 2019 (Act) directs NTIA, in cooperation
with the Office of the Director of National Intelligence (ODNI), the
Department of Homeland Security (DHS), the Federal Bureau of
Investigation (FBI), and the Federal Communications Commission (FCC),
to establish a program to share ``supply chain security risk''
information with trusted providers of ``advanced communications
service'' and suppliers of communications equipment or services.\1\
Through this Notice, NTIA is announcing the establishment of the
Communications Supply Chain Risk Information Partnership (C-SCRIP), a
partnership to share supply chain security risk information with
trusted communications providers and suppliers.
---------------------------------------------------------------------------
\1\ Secure and Trusted Communications Network Act of 2019,
Public Law 116-124, Sec. 8, 134 Stat. 158, 168 (2020) (codified at
47 U.S.C. 1607).
---------------------------------------------------------------------------
NTIA is collaborating with the ODNI, DHS, FBI, and FCC to establish
the program. This program is aimed primarily at trusted small and rural
communications providers and equipment suppliers, with the goal of
improving their access to risk information about key elements in their
supply chain.\2\ C-SCRIP will allow for regularly scheduled
informational briefings, with a goal of providing more targeted
information for C-SCRIP participants as the program matures over time.
NTIA will aim to ensure that the risk information identified for
sharing under the program is relevant and accessible, and will work
with its government partners to enable the granting of security
clearances under established guidelines when necessary.
---------------------------------------------------------------------------
\2\ See id. Sec. 8(a)(2)(A), (B).
---------------------------------------------------------------------------
NTIA is using a phased approach to establish the C-SCRIP program,
in cooperation with its government partners. In Phase 1, NTIA
establishes the program and develops the required report to Congress on
NTIA's plan to work with its interagency partners on: (1) Declassifying
material to help share information on supply chain risks with trusted
providers; and (2) expediting and expanding the provision of security
clearances for representatives of trusted providers.\3\ During Phase 1,
NTIA will coordinate closely with its federal partners to take
advantage of the existing processes and procedures in place for the
processing of security clearances and the declassification of threat
intelligence and to develop a strategic implementation plan for the C-
SCRIP program to establish primary goals and operating principles for
the partnership. The strategic implementation plan is intended to
harmonize the C-SCRIP program with other government programs to ensure
cohesion and to avoid overlap.
---------------------------------------------------------------------------
\3\ See id. Sec. 8(a)(2)(C).
---------------------------------------------------------------------------
In Phase 2, NTIA will operationalize the program, informed by
public comments, and will establish the methods and means to initiate
and sustain the partnership community of providers and suppliers that
are eligible under the Act to receive supply chain security risk
information.\4\ Phase 2 will be driven by the strategic implementation
plan. In particular, NTIA expects to establish partnership guidelines
during Phase 2, as driven by the Act's requirements. NTIA will also
initiate ad hoc briefings to trusted providers during Phase 2 on an as-
needed basis.
---------------------------------------------------------------------------
\4\ See NTIA, Notice; request for public comments, Promoting the
Sharing of Supply Chain Security Risk Information Between Government
and Communications Providers and Suppliers, 85 FR 35919 (June 12,
2020), available at https://www.ntia.doc.gov/federal-register-notice/2020/request-comments-promoting-sharing-supply-chain-security-risk.
---------------------------------------------------------------------------
In Phase 3, NTIA will refine its methods and means for generating
and sharing information with the C-SCRIP partnership community to best
secure U.S. communications networks against supply chain threats. NTIA
also expects to formalize its process and schedule for briefings and
alerts during this phase, and to establish mechanisms for ongoing
coordination and communication.
During Phase 4, NTIA will evaluate the initiation period of the
program and make recommendations for adjustments or enhancements to
advance the goal of diminishing supply chain risk among program
participants.
Dated: July 2, 2020.
Douglas Kinkoph,
Associate Administrator, Office of Telecommunications and Information
Applications, performing the non-exclusive functions and duties of the
Assistant Secretary of Commerce for Communications and Information.
[FR Doc. 2020-14725 Filed 7-7-20; 8:45 am]
BILLING CODE 3510-60-P
