[Federal Register Volume 85, Number 131 (Wednesday, July 8, 2020)]
[Notices]
[Page 41006]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-14725]


-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE

National Telecommunications and Information Administration


Establishment of the Communications Supply Chain Risk Information 
Partnership

AGENCY: National Telecommunications and Information Administration, 
U.S. Department of Commerce.

ACTION: Notice.

-----------------------------------------------------------------------

SUMMARY: The National Telecommunications and Information Administration 
(NTIA) announces the establishment of the Communications Supply Chain 
Risk Information Partnership (C-SCRIP) in support of the requirements 
of Section 8 of the Secure and Trusted Communications Network Act of 
2019 (Act). The Act directs NTIA, in cooperation with other designated 
federal agencies, to establish a program to share supply chain security 
risk information with trusted providers of advanced communications 
service and suppliers of communications equipment or services.

DATES: Applicable on July 8, 2020.

ADDRESSES: C-SCRIP, National Telecommunications and Information 
Administration, U.S. Department of Commerce, 1401 Constitution Avenue 
NW, Washington, DC 20230.

FOR FURTHER INFORMATION CONTACT: Megan Doscher, National 
Telecommunications and Information Administration, U.S. Department of 
Commerce, 1401 Constitution Avenue NW, Room 4725, Washington, DC 20230; 
telephone (202) 482-2503; [email protected]. Please direct media 
inquiries to NTIA's Office of Public Affairs, (202) 482-7002, or at 
[email protected].

SUPPLEMENTARY INFORMATION: Section 8 of the Secure and Trusted 
Communications Network Act of 2019 (Act) directs NTIA, in cooperation 
with the Office of the Director of National Intelligence (ODNI), the 
Department of Homeland Security (DHS), the Federal Bureau of 
Investigation (FBI), and the Federal Communications Commission (FCC), 
to establish a program to share ``supply chain security risk'' 
information with trusted providers of ``advanced communications 
service'' and suppliers of communications equipment or services.\1\ 
Through this Notice, NTIA is announcing the establishment of the 
Communications Supply Chain Risk Information Partnership (C-SCRIP), a 
partnership to share supply chain security risk information with 
trusted communications providers and suppliers.
---------------------------------------------------------------------------

    \1\ Secure and Trusted Communications Network Act of 2019, 
Public Law 116-124, Sec.  8, 134 Stat. 158, 168 (2020) (codified at 
47 U.S.C. 1607).
---------------------------------------------------------------------------

    NTIA is collaborating with the ODNI, DHS, FBI, and FCC to establish 
the program. This program is aimed primarily at trusted small and rural 
communications providers and equipment suppliers, with the goal of 
improving their access to risk information about key elements in their 
supply chain.\2\ C-SCRIP will allow for regularly scheduled 
informational briefings, with a goal of providing more targeted 
information for C-SCRIP participants as the program matures over time. 
NTIA will aim to ensure that the risk information identified for 
sharing under the program is relevant and accessible, and will work 
with its government partners to enable the granting of security 
clearances under established guidelines when necessary.
---------------------------------------------------------------------------

    \2\ See id. Sec.  8(a)(2)(A), (B).
---------------------------------------------------------------------------

    NTIA is using a phased approach to establish the C-SCRIP program, 
in cooperation with its government partners. In Phase 1, NTIA 
establishes the program and develops the required report to Congress on 
NTIA's plan to work with its interagency partners on: (1) Declassifying 
material to help share information on supply chain risks with trusted 
providers; and (2) expediting and expanding the provision of security 
clearances for representatives of trusted providers.\3\ During Phase 1, 
NTIA will coordinate closely with its federal partners to take 
advantage of the existing processes and procedures in place for the 
processing of security clearances and the declassification of threat 
intelligence and to develop a strategic implementation plan for the C-
SCRIP program to establish primary goals and operating principles for 
the partnership. The strategic implementation plan is intended to 
harmonize the C-SCRIP program with other government programs to ensure 
cohesion and to avoid overlap.
---------------------------------------------------------------------------

    \3\ See id. Sec.  8(a)(2)(C).
---------------------------------------------------------------------------

    In Phase 2, NTIA will operationalize the program, informed by 
public comments, and will establish the methods and means to initiate 
and sustain the partnership community of providers and suppliers that 
are eligible under the Act to receive supply chain security risk 
information.\4\ Phase 2 will be driven by the strategic implementation 
plan. In particular, NTIA expects to establish partnership guidelines 
during Phase 2, as driven by the Act's requirements. NTIA will also 
initiate ad hoc briefings to trusted providers during Phase 2 on an as-
needed basis.
---------------------------------------------------------------------------

    \4\ See NTIA, Notice; request for public comments, Promoting the 
Sharing of Supply Chain Security Risk Information Between Government 
and Communications Providers and Suppliers, 85 FR 35919 (June 12, 
2020), available at https://www.ntia.doc.gov/federal-register-notice/2020/request-comments-promoting-sharing-supply-chain-security-risk.
---------------------------------------------------------------------------

    In Phase 3, NTIA will refine its methods and means for generating 
and sharing information with the C-SCRIP partnership community to best 
secure U.S. communications networks against supply chain threats. NTIA 
also expects to formalize its process and schedule for briefings and 
alerts during this phase, and to establish mechanisms for ongoing 
coordination and communication.
    During Phase 4, NTIA will evaluate the initiation period of the 
program and make recommendations for adjustments or enhancements to 
advance the goal of diminishing supply chain risk among program 
participants.

    Dated: July 2, 2020.
Douglas Kinkoph,
Associate Administrator, Office of Telecommunications and Information 
Applications, performing the non-exclusive functions and duties of the 
Assistant Secretary of Commerce for Communications and Information.
[FR Doc. 2020-14725 Filed 7-7-20; 8:45 am]
BILLING CODE 3510-60-P