DX360°® Cyber-Supply Chain Risk Manager (C-SCRM)

Overview

Cybersecurity Supply Chain Risk Manager is an essential tool for any organization looking to understand its complex supply chain and manage risks and treatments effectively. The Cyber-Supply Chain Risk Manager app helps organizations identify, evaluate, assess, quantify, manage and monitor risks hidden in complex supply chains and make better risk-based decisions from a holistic view. The application enables users to identify, quantify, and manage risk, guides them by providing libraries of risks (introduced by the selection of components, systems, and even vendors for proactive, predictive risk identification), and provides targeted treatment plans for selected risks to improve the organization’s ability to mitigate or reduce its supply chain risks.

The app’s dashboards and analytics give users at all levels of the organization, across multiple organizational units, detailed insight into the impact of supply chain risks, allowing them to assign the right resources and treatments to critical risks. The app provides a real-time view of how risks evolve (whether a risk is increasing, decreasing, or being “burned down”, that is, mitigated), how the treatments are implemented, and whether the risk treatments are effective. Risk can be managed at the portfolio or even enterprise level from both a strategic and a tactical view. Cybersecurity Supply Chain Risk Manager also provides methods for updating risk profiles for vendors, components, etc. as new data becomes available (service incidents, new vulnerabilities), as well as for importing risk and treatment models for extensibility.


Key Features

  • Automated Vendor Onboarding to automatically import vendor data and details
  • Mature Risk Management Processes with Guided Content and Risk Assessment Wizards for maintaining a robust, mature risk management process (identification, evaluation, assessment/prioritization, treatment, monitoring)
  • Multiple Risk and Treatment Models (e.g., NIST SP800-161, component vulnerability lists) for proactive identification and management of specific risks that may be realized when implementing or using systems, components, vendors, and third-party suppliers. The treatment models offer potential best practices and industry intelligence-based response strategies.
  • Support for Cross-Organizational Lifecycle Supply Chain Risk Management across different divisions using different tools and techniques
  • Dynamic Reporting and Analytics with tailorable dashboards and analytics for multiple levels of the organization that provide at-a-glance views of your current risks for both strategic (e.g., portfolio/enterprise risk by source, criticality (score)) and tactical (e.g., risk treatments, mitigation effectiveness, treatment activity completion) insights
  • Customizable Risk Thresholds and Appetite by providing not only a comprehensive view of risk throughout the organization but also a way to set the “bar” so you can assess when your organization has too much risk. Coupled with the ability to “burn down” risk (lower any risk’s score) by working through your treatment plan, this allows dynamic risk management
  • Support for Multiple Risk Sources in a Single Repository through import, view, and management of risks from multiple sources to simplify the view of supply chain risks and better target effective risk mitigation actions

Benefits

  • Robust Risk Identification based on industry best practices such as NIST SP800-161, known issues/vulnerability lists, and vendor performance ratings
  • Consistent Management of Supply Chain Risks throughout the lifecycle with appropriate treatments for each phase from evaluation and acquisition to decommissioning/retirement
  • Reduced Time to Start Remediating Risks with effective risk treatments and treatment activity recommendations to jumpstart your risk mitigations
  • Holistic View of Risk considering both strategic and tactical views of supply chain risk to prioritize the resources to support specific mitigation and/or controls
  • Customizable Risk and Treatment Models offer flexibility to add to and modify the models as you develop new risks and treatments