NIST Risk Management Framework wants U.S. gov to pay more attention to the supply chain


A federal IT standards body has moved to add key supply-chain provisions to its risk management guidance at a time of growing concern that Russian and Chinese companies pose a threat to national security.

The National Institute of Standards and Technology on Wednesday released a draft update to its influential Risk Management Framework, which federal agencies use to assess cyber risk. The provisional update includes measures to guard against untrusted suppliers and the possibility of hackers slipping malicious code into the supply chain.

Defining — let alone securing — all the components and systems that organizations get from third parties can be a struggle, according to the document. One answer, NIST says, is building “a chain of trust” with…
