New Cybersecurity Guidance Issued for Supply Chain Risk Management

The National Institute of Standards and Technology (NIST) under the US Department of Commerce has updated its cybersecurity guidance for supply chain risk management as a response to an executive order. It addresses cybersecurity risks throughout the supply chain at all levels of an organisation.

Long Story, Cut Short
  • The revised publication, formally titled 'Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations', was released on Thursday.
  • The publication offers key practices for organisations to adopt as they develop their capability to manage cybersecurity risks within and across their supply chains.
  • If your agency or organisation hasn’t started on it, this is a comprehensive tool that can take you from crawl to walk to run, and it can help you do so immediately, the authors said.
“It has to do with trust and confidence,” said NIST’s Angela Smith, an information security specialist and another of the publication’s authors. “Organisations need to have greater assurance that what they are purchasing and using is trustworthy. This new guidance can help you understand what risks to look for and what actions to consider taking in response.”

A US Department of Commerce institute has issued updates to its cybersecurity supply chain risk management (C-SCRM) guidance to help organisations protect themselves as they acquire and use technology products and services.

The guidance: The new update to the National Institute of Standards and Technology’s (NIST’s) foundational cybersecurity supply chain risk management (C-SCRM) guidance is formally titled Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations (NIST Special Publication 800-161 Revision 1). It provides guidance on identifying, assessing and responding to cybersecurity risks throughout the supply chain at all levels of an organisation. It forms part of NIST’s response to Executive Order 14028: Improving the Nation’s Cybersecurity, specifically Sections 4(c) and (d), which concern enhancing the security of the software supply chain.

The problem at hand: A vulnerable spot in global commerce is the supply chain: it enables technology developers and vendors to create and deliver innovative products, but it can leave businesses, their finished wares and ultimately their consumers open to cyberattacks. This update seeks to plug that gap.

  • Modern products and services depend on their supply chains, which connect a worldwide network of manufacturers, software developers and other service providers.
  • Though they enable the global economy, supply chains also place companies and consumers at risk because of the many sources of components and software that often compose a finished product:
  • A device may have been designed in one country and built in another using multiple components from various parts of the world that have themselves been assembled of parts from disparate manufacturers.
  • Not only might the resulting product contain malicious software or be susceptible to cyberattack, but the vulnerability of the supply chain itself can affect a company’s bottom line.

The publication: The guidance was released Thursday after a multiyear development process that included two draft versions. The publication now offers key practices for organisations to adopt as they develop their capability to manage cybersecurity risks within and across their supply chains. It encourages organisations to consider the vulnerabilities not only of a finished product they are considering using, but also of its components — which may have been developed elsewhere — and the journey those components took to reach their destination.

The target audience: The primary audience for the revised publication is acquirers and end users of products, software and services. The guidance helps organisations build cybersecurity supply chain risk considerations and requirements into their acquisition processes and highlights the importance of monitoring for risks. Because cybersecurity risks can arise at any point in the life cycle or any link in the supply chain, the guidance now considers potential vulnerabilities such as the sources of code within a product, for example, or retailers that carry it.

  • Date posted: 6 May 2022
  • Last modified: 6 May 2022