Topics to include in protecting InfoSec within ICT supply chain management include requirements that affect acquiring ICT products or services, how ICT product suppliers apply requirements to various stages in supply chains, the monitoring procedures for validating ICT products and services, and requirements for identifying critical product or service components that need extra attention.