NIST Updates Cybersecurity Guidance for Managing Supply Chain Risk

In its continued efforts to improve its cybersecurity model, the National Institute of Standards and Technology (NIST) updated its guidance for managing risks to the supply chain on May 5th, 2022.

 

Statement from NIST

NIST released a statement following the announcement, saying that it “encourages organizations to consider the vulnerabilities not only of a finished product they are considering using, but also of its components – which may have been developed elsewhere – and the journey those components took to reach their destination.”

 

The Updates

The new directive outlines major security controls and practices that businesses should adopt to assess and respond to risks. These new practices can be applied to all stages of the supply chain. 

 

Furthermore, it encourages organizations to consider the vulnerabilities of a finished product and all its components. Because those components may have been developed elsewhere, they are at risk as well.

 

Specific updates can be found in Appendix A of the document published by NIST. Sections 1.6 and 1.7 specify how the document integrates guidance promoted within other NIST publications and tailors that advice for cybersecurity supply chain risk management (C-SCRM).

 

The Importance of These Updates

The modern world relies on the supply chain to get products and services to customers safely and efficiently. It enables the global economy, but it also exposes companies and consumers to risk.

 

Having an updated cybersecurity framework means that every section of the supply chain will take the time to ensure that it has not been exposed to malicious software (malware).

 

If you have any questions about NIST’s new update, do not hesitate to contact GSec LLC. We can help provide clarity and prepare you going forward.

 

By: Alex O’Reilly

Sources: https://thehackernews.com/2022/05/nist-releases-updated-guidance-for.html

https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-161r1.pdf

https://csrc.nist.gov/Projects/cyber-supply-chain-risk-management

https://www.nist.gov/news-events/news/2022/05/nist-updates-cybersecurity-guidance-supply-chain-risk-management