NIST Renewed Its Recommendations on Supply Chain Risk Control

Posted by HIPAA Software on May 09, 2022

Five days ago, the National Institute of Standards and Technology (NIST) posted an update of its recommendations on supply chain risk control, titled “Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations.” The changes aim to give organizations efficient cybersecurity methods to detect, assess, and respond to risks throughout the supply network.

About The Importance of Supply Chain and Its Vulnerabilities

Nowadays, goods and services hinge on their supply chains. These chains, in turn, form an international network of producers, software engineers, and other service suppliers. However, the same chains can also jeopardize organizations, because the final product may consist of many different components and pieces of software.

For example, a company in one country can come up with a product concept, while another company headquartered abroad produces it using parts from other countries, and so on. As a result, the final product may contain malicious software and be vulnerable to cyber-attacks. A poor-quality product may then affect the supply chain, which in turn will harm the organization’s income.

What Changed in Recommendations on Supply Chain Risk Control?

NIST’s recommendations on supply chain risk control now consist of critical recommendations that help organizations harden their supply chains against cyber threats. Organizations are to apply these methods as they expand their cyber risk control capabilities across the supply network. The methods urge companies to pay attention to the weak spots of both the final product and its components, taking into account that companies abroad may have developed those components and that each component went through its own process before becoming part of the end item.

The guidelines highlight that it is necessary to monitor risks. They also urge organizations to include supply chain risk requirements in their procurement processes. The recommendations consider possible weak spots in the sources of code within a product and in the retailers that maintain it, because potential dangers may appear in every element of the supply chain.

The Reason for Changing Recommendations on Supply Chain Risk Control

The update to the recommendations on supply chain risk control results from the President’s Executive Order (EO) on improving national cybersecurity, which concerned several organizations, including NIST. The EO was published about a year ago, so it took almost a year to develop this complex mechanism for eliminating supply chain vulnerabilities. During this period, the NIST guidelines passed through two draft stages before taking their final form.

What is the Target Group of Recommendations on Supply Chain Risk Control?

The primary target audience of the NIST guidance is buyers and end users of services, goods, and software. Before giving any specific advice, the recommendations offer assistance to the different groups within that audience, which range from cybersecurity experts to procurement officers. The guidelines provide a user profile for each group and indicate which parts of the recommendations are most relevant to it.

Additional Information

Because the guidance may be difficult to work through, NIST plans to work on a handbook for beginners to reach more interested parties. It will also add a web-based version with simple click-through navigation alongside the existing PDF document, which will make it easier to find the relevant information and chapters.

Here you can find the document with NIST’s recommendations on supply chain risk control. Stay with our news portal to be informed!
