Cyber Supply Chain Risk Management

Submitted by willirn1 on Tue, 10/26/2021 - 9:59am

Title	Cyber Supply Chain Risk Management
Publication Type	Miscellaneous
Year of Publication	2021
Authors	Jon Boyens, Angela Smith, Jeff Brewer
Keywords	C-SCRM, cloud & virtualization, Comprehensive National Cybersecurity Initiative, controls assessment, cyber supply chain risk management, Cybersecurity Enhancement Act, Cybersecurity Strategy and Implementation Plan, Cyberspace Policy Review, Executive Order 13636, Hardware, information sharing, Malware, risk assessment, security controls, security measurement, security programs & operations, software & firmware, systems security engineering, Vulnerability Management
Abstract	The NIST Cyber Supply Chain Risk Management (C-SCRM) program helps organizations to manage the increasing risk of cyber supply chain compromise, whether intentional or unintentional. The factors that allow for low-cost, interoperability, rapid innovation, a variety of product features, and other benefits also increase the risk of a compromise to the cyber supply chain, which may result in risks to the end user. Managing cyber supply chain risks require ensuring the integrity, security, quality and resilience of the supply chain and its products and services. Cyber supply chain risks may include insertion of counterfeits, unauthorized production, tampering, theft, insertion of malicious software and hardware, as well as poor manufacturing and development practices in the cyber supply chain.
URL	https://csrc.nist.gov/projects/cyber-supply-chain-risk-management
Citation Key	node-79985

Groups:

Computational Cybersecurity in Compromised Environments (C3E)