NIST Supply Chain Security Guidelines: 10 Key Takeaways


The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) recently published updated guidance for reducing cybersecurity risks in supply chains.


Titled “Software Supply Chain Security Guidance,” the update is NIST’s response to directives in the executive order on improving the nation’s cybersecurity issued by President Joe Biden. 


This NIST guidance is often assumed to target only federal agencies. However, NIST points out that it applies to organizations of all kinds. It is one of the most thorough references available for cyber supply chain risk management. 


Don’t want to read a 326-page document? Here are the 10 key takeaways that can inform your efforts to secure your supply chain. 


Consider Specific Components of Vulnerabilities 


NIST suggests an atomized view of vulnerabilities: it calls for considering not only finished products but each specific component that goes into them. Don’t forget “the journey those components took to reach their destination,” either.  


Supply Chains at Risk 


Supply chains are more at risk than ever. Companies manufacture products all over the world, and those products are complex. Different manufacturers in different places may assemble individual components from parts sourced around the world. Each of the dozens, hundreds or thousands of sources for the parts that go into complex machinery, computers and other devices may itself fall victim to attacks aimed at breaching the supply chain. All of this is as true of software as it is of hardware. 


Customize Guidelines


The NIST guidelines aren’t one-size-fits-all dictates. Instead, the agency designed the principles and practices to be customized. The document ..
