NIST Updates Guidance on Supply Chain Attacks

The National Institute of Standards and Technology (NIST) has released updated guidance against cyber attacks.

https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-161r1.pdf

In 2020 and beyond, NIST has published two draft documents on how companies can better protect themselves against supply chain attacks.

In response to Executive Order 14028: Improving the Nation’s Cybersecurity, NIST has published “Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations,” which provides guidance for identifying and addressing supply chain cybersecurity risks.

Managing supply chain cybersecurity is a growing necessity.

This document is 326 pages long, but contains valuable information on supply chain risks, from assessments in software/product development to risks associated with the use of external IT service providers.

Organizations need greater assurance that what they are buying and using is trustworthy.

This new guidance will help you understand what risks to look out for and what you should consider doing about them.

Supply chain attacks are increasingly popular with attackers because compromising a single product lets them affect the large number of companies that use it.

Examples include the compromise of SolarWinds, through which attackers went on to attack its end users, and the use of Kaseya’s MSP software to encrypt systems at over 1000 companies.
