CISA Urges Organizations to Incorporate the FCC Covered List Into Risk Management Plans

The Federal Communications Commission (FCC) maintains a Covered List of communications equipment and services that have been determined by the U.S. government to pose an unacceptable risk to the national security of the United States or the security and safety of United States persons to national security pursuant to the Secure and Trusted Communications Networks Act of 2019.

As the 6th annual National Supply Chain Integrity Month concludes, CISA reminds all critical infrastructure owners and operators to take necessary steps in securing the nation’s most critical supply chains. CISA urges organizations to incorporate the Covered List into their supply chain risk management efforts, in addition to adopting recommendations listed in Defending Against Software Supply Chain Attacks—a joint CISA and NIST resource that provides guidance on using NIST’s Cyber Supply Chain Risk Management (C-SCRM) framework to identify, assess, and mitigate risks. All critical infrastructure organizations are also urged to enroll in CISA’s free Vulnerability Scanning service for assistance in identifying vulnerable or otherwise high-risk devices such as those on FCC’s Covered List. To learn more about CISA’s supply chain efforts and to view resources, visit CISA.gov/supply-chain-integrity-month