Security News > 2022 > May > NIST updates guidance for cybersecurity supply chain risk management
The National Institute of Standards and Technology has updated its guidance document for helping organizations identify, assess and respond to cybersecurity risks throughout the supply chain.
"The guidance helps organizations build cybersecurity supply chain risk considerations and requirements into their acquisition processes and highlights the importance of monitoring for risks. Because cybersecurity risks can arise at any point in the life cycle or any link in the supply chain, the guidance now considers potential vulnerabilities such as the sources of code within a product, for example, or retailers that carry it," NIST notes.
Specific guidance is shared in the Appendix A. Appendix C delineates a few threat scenarios, complete with information about threat source, possible outcomes, impact, risk exposure, potential mitigating strategues and C-SCRM controls, etc.
Dynamic geopolitical conditions that impact the supply of production components for PCs. Counterfeit telecommunications element introduced into supply chain.
Addressing cybersecurity threats to the supply chain.
"Managing the cybersecurity of the supply chain is a need that is here to stay. If your agency or organization hasn't started on it, this is a comprehensive tool that can take you from crawl to walk to run, and it can help you do so immediately," noted NIST's Jon Boyens, one of the publication's authors.
News URL
https://www.helpnetsecurity.com/2022/05/06/cybersecurity-supply-chain-risk/