Ensuring Software Assurance Process Maturity

Presented at OWASP Appsec 2010 by

All organizations—government and commercial—have a growing awareness of the need for an ongoing software assurance initiative. A successful initiative requires that organizations perform appropriate activities at each step in the software lifecycle. Doing so will help ensure organizations can reliably meet software assurance goals, including those related to reliability, resilience, security, and compliance. In order to help organizations begin to tackle assurance goals, Edmund Wotring III (Information Security Solutions, LLC) and Sammy Migues (Cigital, Inc) created the Software Assurance (SwA) Supply Chain Risk Management (SCRM) Checklist. The SwA SCRM Checklist incorporates mappings of several freely available models as a framework to help organizations establish a baseline of their practices. The SwA SCRM Checklist can facilitate better communication and understanding of the risks that may be introduced during software development and acquisitions, and also facilitate selection of a maturity model best suited to an organization’s needs.