"NIST Updates Cybersecurity Guidance for Supply Chain Risk Management"

The National Institute of Standards and Technology (NIST) has updated its foundational Cybersecurity Supply Chain Risk Management (C-SCRM) guidance, which aims to help organizations protect themselves as they obtain and use new technology products and services. The updated publication, titled "Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations," offers guidance on identifying, assessing, and responding to cybersecurity risks in the supply chain at all levels of an organization. The publication forms part of NIST's response to sections of Executive Order 14028 concerning enhancing software supply chain security. It now provides essential practices for organizations to follow as they develop their capability to manage cybersecurity risks in their supply chains. Organizations are encouraged to consider vulnerabilities in a finished product as well as in its components, which could have been developed somewhere else. They are also urged to consider the journey taken by those components to reach their intended destination.

The main audience for the revised publication is acquirers and end users of products, software, and services. The guidance helps organizations incorporate cybersecurity supply chain risk considerations and requirements into their acquisition processes. It also emphasizes the importance of monitoring the supply chain for risks. Since cybersecurity risks can emerge at any point in the life cycle or at any link in the supply chain, NIST's guidance now covers potential vulnerabilities such as the sources of code within a product or retailers that carry it. Before presenting its specific guidance, called cybersecurity controls, the publication provides help to the various groups in its intended audience, ranging from cybersecurity specialists and risk managers to systems engineers and procurement officials. This article continues to discuss NIST's updates to its C-SCRM guidance.

NIST reports "NIST Updates Cybersecurity Guidance for Supply Chain Risk Management"

Submitted by Anonymous on