Cybersecurity Solutions
DX360°® Cyber-Supply Chain Risk Manager (C-SCRM)

Secure circle of confidence for your Cyber Supply Chain


DX360°® Cyber-Supply Chain Risk Manager (C-SCRM) provides an automated, systematic approach to cyber risk management, allowing for efficient identification and treatment of potential risks. Take advantage of the built-in Risk Assessment Program for comprehensive coverage, from identification to treatment, to ensure that all potential risks are thoroughly addressed and mitigated.

The DX360°® C-SCRM app helps organizations identify, evaluate, assess, quantify, manage, and monitor risks obscured in complex supply chains so they can make better risk-based decisions based on a holistic view. The application not only enables users to identify, quantify, and manage risks but equips them with a library of common risks for consideration. Users can select from risks recommendations based on key sources such as components, systems, operations, and even vendors and their suppliers for proactive, predictive risk identification.

DX360°® C-SCRM recommends best practice treatments plans based on risks selected to improve the organization’s ability to mitigate or reduce their supply chain risks.

The app’s dashboards and analytics provide users at all levels of the organization, across multiple organizational units, with detailed insight as to the impact of supply chain risks allowing them to assign the right resources and treatments to critical risks. The app provides a real-time view of how risks evolve (is the risk increasing/decreasing, or being “burned down” - mitigated), how the treatments are implemented, and if their risk treatments are effective. The risk can be managed at the portfolio or even enterprise level from both a strategic and tactical view.

DX360°® C-SCRM enables agencies to update risk profiles for vendors and components, etc. as new data becomes available (service incidents, new vulnerabilities), import additional risk and treatment models, and its SaaS maintenance ensures libraries are refreshed with emerging changes.

DX360°® C-SCRM is an essential tool for any organization looking to understand its complex supply chain and manage risks and treatments effectively.

Selected by Microsoft as a Preferred Solution, which can only be published by Microsoft partners demonstrating deep, proven expertise and capabilities. C-SCRM was reviewed and selected by a team of Microsoft experts for its ability to meet federal needs in the cybersecurity vertical.

Does your 2023 resolution keep pace with mandates?

In our January POV, we summarized the key deadlines this year agencies need to meet based on OMB Memorandum M-22-18: Enhancing the Security of the Software Supply Chain through Secure Software Development Practices.

If you are not sure where to start to protect your organization’s cyber supply and meet upcoming mandates like OMB M-22-18, NIST 800-161, and E.O. 14028 on Improving the Nation’s Cybersecurity, our insights can help:

Already ahead of the game and looking to mature and strengthen your C-SCRM capabilities?

    Explore our parametric model recommendations to continue building your agencies’ cyber resiliency here.

    Attacks on cyber supply chains average $4.35M per incident, and Juniper Research studies project global cost to soar to $45.8B in 2023. If you’re not budgeting for this astronomical problem, you’re in the right place. Learn for free through a personalized, live demo of DX360°® C-SCRM and how it can help you avoid these issues. Request a demo now!

    Request Demo

Key Features

  • Mature Risk Management Processes with Guided Content and Risk Assessment Wizards for maintaining a robust, mature risk management process (identification, evaluation, assessment/prioritization, treatment, monitoring).
  • Built-in Catalog of Risk and Treatment Models based on common sources and NIST 800-60, 800-53, 800-160, 800-55A, 800-37, 800-137 and Component Vulnerability Lists, for proactive management of supply chain risks with recommended treatment models that offer best practices and industry intelligence-based response strategies.
  • Multiple Risk and Treatment Models (e.g., NIST SP800-161, component vulnerability lists) for proactive identification and management of specific risks that may be realized when implementing or using systems, components, vendors, and third-party suppliers. The treatment models offer potential best practices and industry intelligence-based response strategies.
  • Automated Vendor Onboarding to automatically import vendor information and details, including import of data from financial systems, contract systems, or excel sheets for rapid setup.
  • Support for Cross-Organizational Lifecycle Supply Chain Risk Management across different divisions using different tools and techniques.
  • Dynamic Reporting and Analytics with tailorable dashboards and analytics for multiple levels of the organization that provide at-a-glance views of your current risks for both strategic (e.g., portfolio/enterprise risk by source, criticality (score)) and tactical (e.g., risk treatments, mitigation effectiveness, treatment activity completion) insights.
  • Customizable Risk Thresholds and Appetite by providing not only a comprehensive view of risk throughout the organization but also a way to set the “bar” so you can assess when your organization has too much risk. This is coupled with the ability to “burn down” risk (lower any risks score) by working through your treatment plan allows dynamic risk management.
  • Support for Multiple Risk Sources in a Single Repository through import, view, and management of risks from multiple sources to simplify the view of supply chain risks and better target effective risk mitigation actions.


  • Robust Risk Identification based on industry best practices such as NIST SP800-161, known issues/vulnerability lists, and vendor performance ratings.
  • Effective Management of Supply Chain Risks throughout the lifecycle with appropriate treatments for each phase from evaluation and acquisition to decommissioning/retirement.
  • Reduced Time to Start Remediating Risks with effective risk treatments and treatment activities recommendations to jumpstart your risk mitigations.
  • Holistic View of Risk considering both strategic and tactical views of supply chain risk to prioritize resources to support specific mitigation and/or controls.
  • Customizable Risk and Treatment Models offer flexibility to add to and modify the models as you develop new risks and treatments so the solution evolves with the threat landscape.
  • Reduced Costs from operational savings, including eliminating manual toil of risk management and jumpstarting research, and mitigated impacts of costly risk materializations.