The term "supply chain security" broadly refers to the measures taken to protect the integrity and reliability of the goods and services that make up an organization's supply chain, which includes suppliers, partners, consultants and other vendors that provide goods or services to that organization. The goal of supply chain security is to ensure that those obtained goods and services are of the highest quality, are free from tampering and were delivered to the intended recipients (e.g., man in the middle supply chain attack). There are several aspects to supply chain security that include, but are not limited to:
Ensuring the security of the supply chain is important for the integrity and reliability of goods and services, as well as for the reputation of those organizations involved in the supply chain. The encompassing terminology used to define this broad practice is Supply Chain Risk Management (SCRM).
Cybersecurity Supply Chain Risk Management (C-SCRM) is the process of identifying, assessing, and mitigating risks to an organization's cybersecurity that are associated with its supply chain. This includes risks that may be introduced by third-party suppliers, contractors and other partners that provide goods, services and/or technology to an organization.
C-SCRM involves understanding the cybersecurity risks and vulnerabilities associated with different parts of the supply chain and implementing measures to minimize or eliminate those risks. This includes, but is not limited to the following activities:
By implementing effective C-SCRM practices, an organizations can (1) help protect itself and its customers from cyber threats and (2) minimize the impact of any security incidents that do occur.
National Institute of Standards and Technology (NIST) SP 800-161 Rev 1, Supply Chain Risk Management Practices for Federal Information Systems and Organizations, is the "gold standard" for C-SCRM practices and provides recommendations for managing supply chain risks. NIST SP 800-161 Rev 1 provides the structure to generate a C-SCRM Strategy and Implementation Plan (SIP).
NIST SP 800-161 R1 covers a wide range of topics related to supply chain risk management, including:
ComplianceForge offers editable C-SCRM documentation templates that range from policies, standards and procedures to SCRM Plan templates. Contact us for any product-related questions you have to address your NIST 800-161 compliance needs.
Secure Controls Framework (SCF)
Secure Controls Framework (SCF) "Premium Content" - Expertise-Class Policies, Control Objectives, Standards, Guidelines, Controls & Metrics. Product Walkthrough Video This short product walkthrough video is designed to give a brief overview about...
ComplianceForge
NIST SP 800-161 Rev 1 - Cybersecurity Supply Chain Risk Management Strategy & Implementation Plan (C-SCRM SIP) Product Walkthrough Video This short product walkthrough video is designed to give a brief overview about what the C-SCRM is...
ComplianceForge
Cybersecurity Supply Chain Risk Management (C-SCRM) Bundle #1 - CDPP Version (40% discount) This is a bundle that includes the following thirteen (13) ComplianceForge products that are focused on operationalizing Cybersecurity Supply Chain Risk...
ComplianceForge
Cybersecurity Supply Chain Risk Management (C-SCRM) Bundle #2 - DSP Version (45% discount) This is a bundle that includes the following thirteen (13) ComplianceForge products that are focused on operationalizing Cybersecurity Supply Chain Risk...
The NIST Cybersecurity Framework (NIST CSF) is commonly used “cybersecurity best practice” for organ...
Cybersecurity Supply Chain Risk Management (C-SCRM) is the process of identifying, assessing and mit...
Determining the scope of controls (e.g., assessment boundary) is different than determining control...
NIST 800-171 focuses on protecting Controlled Unclassified Information (CUI) anywhere it is stored,...
