Exiger and The Chertoff Group today announced the release of the Supply Chain Product Assurance Playbook, a proven and scalable process that identifies, assesses, and remediates risks in hardware and software products and supply chains. The solution is widely applicable across the public and commercial markets, enabling organizations to combat growing Foreign Ownership Control or Influence (FOCI) exposure, counter forced labor in supplier networks, demonstrate product integrity, and proactively comply with emerging regulations related to product and supply chain security. Rapidly becoming the industry standard, the Playbook eliminates impediments to public-private collaboration, facilitating trust and transparency.
The Supply Chain Product Assurance Playbook leverages Exiger’s AI-native technology to map and continuously monitor software and hardware products and supply chains, and The Chertoff Group’s cybersecurity expertise, regulatory insight and national security market knowledge to design and implement supply chain risk mitigations. This nexus of cutting-edge technology, actionable insights, and regulatory expertise accelerates the supply chain risk management lifecycle, achieving measurable risk reduction and trust-building.
“If you can’t demonstrate product assurance through enhanced sub-tier visibility – including parts, components and software – you run the risk of not being able to do business with the Department of Defense, other government agencies, and some of the world’s largest organizations,” said Carrie Wibben, Exiger President. “This joint offering empowers organizations to assure their critical product supply chains on a continuous basis and removes barriers to vital public-private collaboration.”
The Supply Chain Product Assurance Playbook process is suitable for any industry, including energy, telecommunications, defense, healthcare, and the U.S. Government. Exiger’s Federal Cloud, a FedRAMP Moderate Authorized platform, ingests, aggregates, and analyzes bills of materials (BOMs) and parts data marked as Controlled Unclassified Information (CUI) so that companies delivering mission-critical hardware and software products can engage in the Playbook process with confidence. Vendors and customers collaboratively analyze identified risks and prioritize mitigations so that vendors can invest resources for the greatest impact. Continuous monitoring of evolving supply chains and digital supplies is a key element of the solution that allows for new risks and vulnerabilities to be proactively addressed.
Chad Sweet, CEO and co-founder of The Chertoff Group, said, “When backed by Exiger’s market-leading supply chain tools, our proven cybersecurity and regulatory risk profiling and mitigation strategies can help those who need to demonstrate supply chain integrity, as well as those who want to provide proactive assurance and gain competitive advantage in the marketplace.”
The Supply Chain Product Assurance Playbook delivers:
- Trusted products: Create trusted relationships with customers and regulators through demonstrated proactive investment in risk identification and remediation in products integral to operations.
- Resilient supply chains: Sub-tier visibility and item-level mapping enable companies to rapidly respond to unexpected disruptions, geopolitical conflicts, natural disasters, or capacity shortfalls.
- Validated and up-to-date HBOMs and SBOMs: Generate or verify software bills of materials (SBOMs) through binary analysis, validate hardware bills of materials (HBOMs), continuously monitor suppliers, and store BOMs in a platform that permits real-time changes to product composition or supply base.
The Supply Chain Product Assurance Playbook facilitates compliance with existing global regulations relevant to both the public and commercial sectors, such as the Uyghur Forced Labor Prevention Act, the U.S. National Institute of Standards and Technology (NIST) standards, U.S. federal supply chain and acquisition directives, Executive Orders 14028/14017, and various European laws, including the German Supply Chain Act, the EU Supply Chain Act, and the EU Critical Raw Materials Act.