Technology products are commonly built using components and services supplied by third-party manufacturers and suppliers, making them difficult to secure effectively against malware and other threats. NIST
With a goal to reduce the cybersecurity risk to one of the most vulnerable aspects of commerce—global supply chains—the National Institute of Standards and Technology (NIST) has published a draft guidebook for businesses that presents a set of effective risk management techniques distilled by NIST’s computer security experts.
“Key Practices in Cyber Supply Chain Risk Management” provides a set of strategies to help businesses address the cybersecurity issues posed by modern information and communications technology products, which are commonly built using components and services supplied by third-party organizations. The composed nature of these devices and systems makes them difficult to secure effectively against malware and other threats, placing manufacturers, service providers, and end users at risk.
“The seed of the problem is that everything is interconnected nowadays,” said NIST’s Jon…
