NIST Offers Strategies to Help Businesses Secure Their Cyber Supply Chains | NIST

NIST has released a new guidebook titled “Key Practices in Cyber Supply Chain Risk Management” to help businesses secure their technology supply chains. The guide outlines eight key practices for managing cybersecurity risks posed by third-party components and services used in modern technology products.

The guidebook is designed to be easily understood and applied by businesses of all sizes. Each key practice is accompanied by specific recommendations and guidance on implementation. NIST has also included 24 case studies from different industries to illustrate effective risk management strategies.

The publication cross-references the NIST Cybersecurity Framework’s new section on supply chain risk management. NIST is currently accepting public comments on the draft guidebook until March 4, 2020, and plans to release a final version in Spring 2020.

The key practices outlined in the guidebook include establishing a formal risk management program, conducting regular supplier assessments, implementing secure development practices, and collaborating closely with key suppliers. By following these practices, businesses can better protect themselves from the risks associated with third-party components and services in their technology supply chains.

Source: https://www.nist.gov/news-events/news/2020/02/nist-offers-strategies-help-businesses-secure-their-cyber-supply-chains

Keywords: supply_chain, risk_management, cybersecurity
