EurekAlert - Information systems and components are under attack throughout the supply chain from the design phase—including specification and acquisition of custom products—through disposal. "Computer systems are under attack before installation by adversaries enabled by growing technological sophistication and facilitated by the rapid globalization of our information system infrastructure, suppliers and adversaries," Swanson says. NIST has released a public draft of the new report for comment.
The supply chain report is geared to information systems that are categorized as "high-impact level," systems for which the loss of confidentiality, integrity or availability could be expected to have a "severe or catastrophic adverse effect on organizational operations, organizational assets or individuals." The report provides an array of practices designed to help mitigate supply chain risk throughout the life cycle, not just on accepting systems and products "as they are" and managing risks after delivery. The practices are based on security procedures found in NIST special publications, and those from the National Defense University and the National Defense Industry Association, and these are expanded to include implementations specific to mitigating supply chain risk.
NIST is requesting comments on the draft document to be sent to scrm-nist@nist.gov by August 15. Recommended Security Controls for Federal Information Systems and Organizations (Rev. 3), available on-line at http://csrc.nist.gov/publications/nistpubs/800-53-Rev3/sp800-53-rev3-final_updated-errata_05-01-2010.pdf.
Sunday, August 8, 2010
Subscribe to:
Post Comments (Atom)
Posts
No comments:
Post a Comment